Commit 59a86e32 authored by amnesia's avatar amnesia
Browse files
parents 3226e35b 9943425a
......@@ -17,7 +17,7 @@ $RUN_LB_CONFIG \
--apt-recommends false \
--backports false \
--binary-images iso-hybrid \
--binary-indices none \
--binary-indices false \
--isohybrid-options "$AMNESIA_ISOHYBRID_OPTS" \
--bootappend-live "${AMNESIA_APPEND}" \
--bootstrap "cdebootstrap" \
......@@ -29,6 +29,7 @@ $RUN_LB_CONFIG \
--packages-lists="standard" \
--syslinux-menu vesamenu \
--syslinux-timeout 4 \
--initramfs=live-boot \
${@}
# build i386 images on amd64 as well, include only 686 kernel
......
......@@ -11,7 +11,7 @@
# sourced by various other scripts.
# Base for the string that will be passed to "lb config --bootappend-live"
AMNESIA_APPEND="splash vga=788 live-media=removable nopersistent noprompt=usb"
AMNESIA_APPEND="splash vga=788 live-media=removable nopersistent noprompt"
# Options passed to isohybrid
# Default: "-entry 4 -type 1c"
......
#!/bin/sh
# Compress the initramfs using a more size-wise efficient algorithm.
OPTS_FILE='/etc/initramfs-tools/initramfs.conf'
[ -f "${OPTS_FILE}" ] || exit 11
sed -i'' 's,^COMPRESS=.*,COMPRESS=lzma,' "${OPTS_FILE}"
......@@ -3,8 +3,21 @@
echo "managing initscripts"
# enable custom initscripts
update-rc.d tails-detect-virtualization defaults
update-rc.d tails-wifi defaults
update-rc.d tails-detect-virtualization start 17 S .
update-rc.d tails-kexec stop 85 0 6 .
update-rc.d tails-kexec-cache stop 85 0 6 .
update-rc.d tails-wifi start 17 S .
# we run Tor ourselves after HTP via NetworkManager hooks
update-rc.d tor disable
# we reboot/halt using kexec->sdmem
update-rc.d -f halt remove
update-rc.d -f reboot remove
# we provide our own tails-kexec initscript (more friendly to ejected CD/USB)
update-rc.d -f kexec remove
# we use kexec on halt too => enable kexec-load initscript on runlevel 0 as well
update-rc.d -f kexec-load remove
update-rc.d kexec-load stop 18 0 6 .
......@@ -6,3 +6,5 @@ rm -rf \
/usr/share/inkscape/examples \
/usr/share/inkscape/tutorials
find /usr/share/doc -type f -name changelog.gz -exec rm "{}" \;
find /usr/share/doc -type f -name changelog.Debian.gz -exec rm "{}" \;
# Defaults for kexec initscript
# sourced by /etc/init.d/kexec and /etc/init.d/kexec-load
# Load a kexec kernel (true/false)
LOAD_KEXEC=true
# Kernel and initrd image
KERNEL_IMAGE="/vmlinuz"
INITRD="/initrd.img"
# If empty, use current /proc/cmdline
APPEND="quiet"
case "$RUNLEVEL" in
6)
APPEND="${APPEND} sdmem=reboot sdmemopts=vllf"
;;
*)
APPEND="${APPEND} sdmem=halt sdmemopts=vllf"
;;
esac
......@@ -75,6 +75,6 @@ COMMIT
[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
# Redirect all remaining TCP traffic to Tor.
[0:0] -A OUTPUT -o ! lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9040
[0:0] -A OUTPUT ! -o lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9040
COMMIT
......@@ -22,6 +22,10 @@ pref("app.update.enabled", false);
pref("browser.bookmarks.livemark_refresh_seconds", 31536000);
pref("browser.cache.disk.capacity", 0);
pref("browser.cache.disk.enable", false);
pref("browser.cache.offline.enable", false);
pref("browser.chrome.favicons", false);
pref("browser.chrome.site_icons", false);
pref("browser.chrome.image_icons.max_size", 0);
pref("browser.download.manager.closeWhenDone", true);
pref("browser.download.manager.retention", 0);
pref("browser.formfill.enable", false);
......@@ -45,6 +49,8 @@ pref("dom.storage.enabled", false);
pref("extensions.foxyproxy.last-version", "2.19.1");
pref("extensions.update.enabled", false);
pref("extensions.update.notifyUser", false);
pref("geo.enabled", false);
pref("geo.wifi.uri", "");
pref("layout.css.report_errors", false);
pref("network.cookie.lifetimePolicy", 2);
pref("network.cookie.prefsMigrated", true);
......
......@@ -24,7 +24,6 @@ user_pref("extensions.torbutton.https_port", 8118);
user_pref("extensions.torbutton.https_proxy", "127.0.0.1");
user_pref("extensions.torbutton.locked_mode", true);
user_pref("extensions.torbutton.no_updates", true);
user_pref("extensions.torbutton.noncrashed", true);
user_pref("extensions.torbutton.normal_exit", true);
user_pref("extensions.torbutton.nonontor_sessionstore", true);
user_pref("extensions.torbutton.nontor_memory_jar", true);
......
......@@ -4,7 +4,7 @@
# Required-Start: mountkernfs $local_fs
# Required-Stop: $local_fs
# Default-Start: S
# Default-Stop: 0 6
# Default-Stop:
# Short-Description: Detect if we are running in a virtual machine
# Description: Detect if we are running in a virtual machine
### END INIT INFO
......
#! /bin/sh
### BEGIN INIT INFO
# Provides: tails-kexec
# Required-Start:
# Required-Stop:
# Should-Stop: halt reboot
# X-Stop-After: umountroot live-boot tails-kexec-cache
# Default-Start:
# Default-Stop: 0 6
# X-Interactive: true
# Short-Description: Execute the kexec -e command to reboot system
# Description:
### END INIT INFO
PATH=/sbin:/bin
do_stop () {
test "x`/bin/cat /sys/kernel/kexec_loaded`y" = "x1y" || exit 0
/bin/stty sane < /dev/console
echo "\n" > /dev/console
echo "----------------------------------------------------------" > /dev/console
echo " You can now remove the boot CD or USB stick." > /dev/console
echo "The system memory is going to be wiped in a few seconds..." > /dev/console
echo "----------------------------------------------------------" > /dev/console
echo "\n" > /dev/console
/bin/sleep 5
/sbin/kexec -e
}
case "$1" in
start)
# No-op
;;
restart|reload|force-reload)
echo "Error: argument '$1' not supported" >&2
exit 3
;;
stop)
do_stop
;;
*)
echo "Usage: $0 start|stop" >&2
exit 3
;;
esac
exit 0
#! /bin/sh
### BEGIN INIT INFO
# Provides: tails-kexec-cache
# Required-Start:
# Required-Stop:
# Should-Stop: live-boot tails-kexec
# Default-Start:
# Default-Stop: 0 6
# X-Stop-After: kexec-load umountroot
# Short-Description: Cache files needed by kexec
# Description: Cache files needed by /etc/init.d/tails-kexec
### END INIT INFO
# Author: T(A)ILS developers <amnesia@boum.org>
# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/usr/sbin:/usr/bin:/sbin:/bin
DESC="Caching files needed by kexec"
NAME=tails-kexec-cache
SCRIPTNAME=/etc/init.d/$NAME
. /lib/lsb/init-functions
cache_path()
{
path="${1}"
if [ -d "${path}" ]
then
find "${path}" -type f | xargs cat > /dev/null 2>&1
elif [ -f "${path}" ]
then
if [ -x "${path}" ]
then
if file -L "${path}" | grep -q 'dynamically linked'
then
for lib in $(ldd "${path}" | awk '{ print $3 }')
do
cache_path "${lib}"
done
fi
fi
cat "${path}" >/dev/null 2>&1
fi
}
do_stop() {
log_action_begin_msg "$DESC"
for path in /bin/sh /etc/init.d/tails-kexec /bin/stty /bin/cat /bin/sleep /sbin/kexec ; do
cache_path "$path"
done
log_action_end_msg 0
}
case "$1" in
start)
# No-op
;;
restart|reload|force-reload)
echo "Error: argument '$1' not supported" >&2
exit 3
;;
stop)
do_stop
;;
*)
echo "Usage: $0 start|stop" >&2
exit 3
;;
esac
exit 0
......@@ -4,7 +4,7 @@
# Required-Start: mountkernfs $local_fs
# Required-Stop: $local_fs
# Default-Start: S
# Default-Stop: 0 6
# Default-Stop:
# Short-Description: Configure wireless interfaces
# Description: T(A)ILS-specific wireless configuration
### END INIT INFO
......
#!/bin/sh
Install_TrueCrypt ()
{
# Only install TrueCrypt when "truecrypt" appers on kernel command line
grep -qw "truecrypt" /proc/cmdline || return 0
echo "- Installing TrueCrypt"
# Create temporary directory to extract upstream tarball
TMPDIR=$(mktemp -d) || return 1
trap "rm -rf '$TMPDIR'" EXIT
# Find upstream tarball
UPSTREAM_TARBALL="$(find /usr/share/amnesia -type f \
-name 'truecrypt-*-linux-x86.tar.gz' | sort -n | tail -n 1)"
# Unpack upstream tarball and lookup setup binary
INSTALLER="$(tar -C "$TMPDIR" -zvxf "$UPSTREAM_TARBALL" | grep -- '-setup-x86$')"
expect >/var/log/truecrypt-installer.log <<-EOF
set timeout 30
spawn "$TMPDIR/$INSTALLER"
expect "To select, enter 1 or 2:"
send "1\n"
expect "Press Enter to display the license terms..."
send "\n"
expect "\n:"
send "q"
expect "Do you accept and agree to be bound by the license terms? (yes/no):"
send "yes\n"
expect "Press Enter to exit..."
send "\n"
EOF
}
Install_TrueCrypt
#!/bin/sh
set -e
# FIXME: what is this used for? dependency-based hooks ordering?
PREREQ=""
prereqs() {
echo "${PREREQ}"
}
case "${1}" in
prereqs)
prereqs
exit 0
;;
esac
. /usr/share/initramfs-tools/hook-functions
copy_exec /sbin/halt
copy_exec /sbin/reboot
copy_exec /usr/bin/sdmem
#!/bin/sh
PREREQ=""
prereqs() {
echo "${PREREQ}"
}
case ${1} in
prereqs)
prereqs
exit 0
;;
esac
if [ -n "${sdmem}" ] ; then
if [ -n "${sdmemopts}" ] ; then
/usr/bin/sdmem "-${sdmemopts}"
else
/usr/bin/sdmem -v
fi
fi
case "${sdmem}" in
halt)
/sbin/halt -fndp
;;
reboot)
/sbin/reboot -fnd
;;
*)
;;
esac
......@@ -81,10 +81,14 @@ iceweasel-l10n-pt-pt
iceweasel-l10n-zh-cn
inkscape
iptables
kexec-tools
less
laptop-mode-tools
libgfshare-bin
libsane-hpaio
liferea
live-config
live-config-sysvinit
localepurge
lvm2
macchanger
......@@ -150,7 +154,6 @@ totem-gstreamer
vidalia
vim-nox
wireless-tools
wipe
xsane
xul-ext-adblock-plus
xul-ext-firegpg
......
--- chroot.orig/etc/init.d/kexec-load 2011-01-14 12:30:05.089859516 +0100
+++ chroot/etc/init.d/kexec-load 2011-01-14 12:30:29.159667183 +0100
@@ -5,7 +5,7 @@
# Required-Stop: $local_fs $remote_fs kexec
# Should-Stop: autofs
# Default-Start:
-# Default-Stop: 6
+# Default-Stop: 0 6
# Short-Description: Load kernel image with kexec
# Description:
### END INIT INFO
live-boot live-boot/smem boolean true
live-boot live-boot/sdmem boolean true
......@@ -76,6 +76,11 @@ preserving your privacy and anonymity:
The <a href='http://mandalka.name/privatix/'>Privatix Live-System</a> was
an early source of inspiration, too.
</li>
<li>
Portions of this product are based in part on
TrueCrypt, freely available at <a
href="http://www.truecrypt.org/">http://www.truecrypt.org/</a>.
</li>
</ul>
</div> <!-- #acknowledgements -->
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment