diff --git a/configs/debian/bookworm_gnome.json b/configs/debian/bookworm_gnome.json
index fb21abf..ea74795 100644
--- a/configs/debian/bookworm_gnome.json
+++ b/configs/debian/bookworm_gnome.json
@@ -7,6 +7,8 @@
 "replace_repositories": "False",
 "keyrings": [],
 "packages": "grub-pc linux-image-amd64 task-gnome-desktop live-task-standard",
+ "create_ca": "False",
+ "preinstall_scripts": [],
 "scripts": [
 "configs/scripts/install.sh",
 "configs/scripts/user.sh"
diff --git a/configs/debian/bookworm_kde.json b/configs/debian/bookworm_kde.json
index b7ff22b..7dee08a 100644
--- a/configs/debian/bookworm_kde.json
+++ b/configs/debian/bookworm_kde.json
@@ -7,6 +7,8 @@
 "replace_repositories": "False",
 "keyrings": [],
 "packages": "grub-pc linux-image-amd64 task-kde-desktop live-task-standard",
+ "create_ca": "False",
+ "preinstall_scripts": [],
 "scripts": [
 "configs/scripts/install.sh",
 "configs/scripts/user.sh"
diff --git a/configs/debian/bookworm_lxqt.json b/configs/debian/bookworm_lxqt.json
index e345277..09d003b 100644
--- a/configs/debian/bookworm_lxqt.json
+++ b/configs/debian/bookworm_lxqt.json
@@ -7,6 +7,8 @@
 "replace_repositories": "False",
 "keyrings": [],
 "packages": "grub-pc linux-image-amd64 task-lxqt-desktop live-task-standard",
+ "create_ca": "False",
+ "preinstall_scripts": [],
 "scripts": [
 "configs/scripts/install.sh",
 "configs/scripts/user.sh"
diff --git a/configs/debian/bookworm_mate.json b/configs/debian/bookworm_mate.json
index 0150c1e..4552190 100644
--- a/configs/debian/bookworm_mate.json
+++ b/configs/debian/bookworm_mate.json
@@ -7,6 +7,8 @@
 "replace_repositories": "False",
 "keyrings": [],
 "packages": "grub-pc linux-image-amd64 task-mate-desktop live-task-standard",
+ "create_ca": "False",
+ "preinstall_scripts": [],
 "scripts": [
 "configs/scripts/install.sh",
 "configs/scripts/user.sh"
diff --git a/configs/debian/bookworm_server.json b/configs/debian/bookworm_server.json
index 9caf962..91c8e8e 100644
--- a/configs/debian/bookworm_server.json
+++ b/configs/debian/bookworm_server.json
@@ -7,6 +7,10 @@
 "replace_repositories": "False",
 "keyrings": [],
 "packages": "nginx grub-pc linux-image-amd64 docker.io make curl openssl nano",
+ "create_ca": "True",
+ "preinstall_scripts": [
+ "configs/scripts/ca.sh"
+ ],
 "scripts": [
 "configs/scripts/install.sh",
 "configs/scripts/server.sh"
diff --git a/configs/debian/bookworm_xfce.json b/configs/debian/bookworm_xfce.json
index d24fe7c..94fc354 100644
--- a/configs/debian/bookworm_xfce.json
+++ b/configs/debian/bookworm_xfce.json
@@ -7,6 +7,8 @@
 "replace_repositories": "False",
 "keyrings": [],
 "packages": "grub-pc linux-image-amd64 task-xfce-desktop live-task-standard",
+ "create_ca": "False",
+ "preinstall_scripts": [],
 "scripts": [
 "configs/scripts/install.sh",
 "configs/scripts/user.sh"
diff --git a/configs/scripts/ca.sh b/configs/scripts/ca.sh
new file mode 100755
index 0000000..affa2df
--- /dev/null
+++ b/configs/scripts/ca.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# This file is part of VM-Experiments.
+# Licensed under the GPL-3.0-or-later. See LICENSE for details.
+
+trap '' SIGINT SIGTERM
+rm /etc/nginx/sites-enabled/default
+tar -xzf /root/deployment.tar.gz -C /root
+openssl genrsa -out /root/ca.key 2048
+chmod 400 /root/ca.key
+mkdir -p /etc/ssl/certs/
+mkdir -p /etc/ssl/private/
+openssl req -x509 -new -nodes -key /root/ca.key -sha256 -days 1024 -out /etc/ssl/certs/ca.crt -subj '/C=CH/ST=Zurich/L=Zurich/O=InterstellarNet/OU=NONE/CN=INTERSTELLAR'
+cp /etc/ssl/certs/ca.crt /root
+cp /etc/ssl/certs/ca.crt /usr/local/share/ca-certificates/
+chown -R www-data:www-data /etc/ssl/private/
+chown -R www-data:www-data /etc/ssl/certs/
+chmod 600 -R /etc/ssl/private/
+chmod 644 -R /etc/ssl/certs/ca.crt
+update-ca-certificates
diff --git a/configs/scripts/server.sh b/configs/scripts/server.sh
index 605c537..65dd83f 100755
--- a/configs/scripts/server.sh
+++ b/configs/scripts/server.sh
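Review bot: The two `chown -R www-data:www-data` lines in ca.sh hand the web-server user ownership of the whole system trust store (`/etc/ssl/certs/`, which `update-ca-certificates` manages) and of `/etc/ssl/private/`, so a compromised nginx worker could add or replace trust anchors for every TLS client on the box; nothing in the script places a file in `/etc/ssl/private/` either, and `chmod 600 -R` on that directory removes its execute bit, which makes it untraversable. Keep both directories root-owned and drop the two chown lines; `ca.crt` is already world-readable via `chmod 644`, and if nginx later needs a key, give it `chown root:www-data` plus `chmod 640` on that one file rather than the directory. The script also has no `set -euo pipefail`, so a failed `openssl genrsa` or `openssl req` is ignored and the later `cp`/`update-ca-certificates` run against a missing file; adding `set -euo pipefail` after the `trap` line would surface that in the build. The `-days 1024` lifetime and the unencrypted (`-nodes`) CA key left at `/root/ca.key` inside the image are presumably intended for a lab image; a comment stating that would help the next reader.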
@@ -21,20 +21,3 @@ while true; do
 break
 fi
 done
-
-rm /mnt/etc/nginx/sites-enabled/default
-tar -xzf deployment.tar.gz -C '/mnt/root'
-chroot /mnt /bin/bash -c "cd root && openssl genrsa -out ca.key 2048"
-chmod 400 /mnt/root/ca.key
-mkdir -p /mnt/etc/ssl/certs/
-mkdir -p /mnt/etc/ssl/private/
-chroot /mnt /bin/bash -c "openssl req -x509 -new -nodes -key /root/ca.key -sha256 -days 1024 -out /etc/ssl/certs/ca.crt -subj '/C=CH/ST=Zurich/L=Zurich/O=InterstellarNet/OU=NONE/CN=INTERSTELLAR'"
-cp /mnt/etc/ssl/certs/ca.crt /mnt/root
-cp /mnt/etc/ssl/certs/ca.crt /mnt/usr/local/share/ca-certificates/
-chroot /mnt /bin/bash -c "chown -R www-data:www-data /etc/ssl/private/"
-chroot /mnt /bin/bash -c "chown -R www-data:www-data /etc/ssl/certs/"
-chmod 600 -R /mnt/etc/ssl/private/
-chmod 644 -R /mnt/etc/ssl/certs/ca.crt
-chroot /mnt /bin/bash -c "update-ca-certificates"
-
-read a
diff --git a/configs/ubuntu/noble_gnome.json b/configs/ubuntu/noble_gnome.json
index 2fda94e..27fab7f 100644
--- a/configs/ubuntu/noble_gnome.json
+++ b/configs/ubuntu/noble_gnome.json
@@ -7,6 +7,8 @@
 "replace_repositories": "False",
 "keyrings": [],
 "packages": "grub-pc linux-image-generic ubuntu-desktop",
+ "create_ca": "False",
+ "preinstall_scripts": [],
 "scripts": [
 "configs/scripts/install.sh",
 "configs/scripts/user.sh"
diff --git a/configs/ubuntu/noble_kde.json b/configs/ubuntu/noble_kde.json
index 9032da8..6e3623b 100644
--- a/configs/ubuntu/noble_kde.json
+++ b/configs/ubuntu/noble_kde.json
@@ -7,6 +7,8 @@
 "replace_repositories": "False",
 "keyrings": [],
 "packages": "grub-pc linux-image-generic kubuntu-desktop",
+ "create_ca": "False",
+ "preinstall_scripts": [],
 "scripts": [
 "configs/scripts/install.sh",
 "configs/scripts/user.sh"
diff --git a/configs/ubuntu/noble_lxqt.json b/configs/ubuntu/noble_lxqt.json
index 99fd26e..7b4a0de 100644
--- a/configs/ubuntu/noble_lxqt.json
+++ b/configs/ubuntu/noble_lxqt.json
@@ -7,6 +7,8 @@
 "replace_repositories": "False",
 "keyrings": [],
 "packages": "grub-pc linux-image-generic lubuntu-desktop",
+ "create_ca": "False",
+ "preinstall_scripts": [],
 "scripts": [
 "configs/scripts/install.sh",
 "configs/scripts/user.sh"
diff --git a/configs/ubuntu/noble_mate.json b/configs/ubuntu/noble_mate.json
index 7545b06..c9fe07a 100644
--- a/configs/ubuntu/noble_mate.json
+++ b/configs/ubuntu/noble_mate.json
@@ -7,6 +7,8 @@
 "replace_repositories": "False",
 "keyrings": [],
 "packages": "grub-pc linux-image-generic ubuntu-mate-desktop",
+ "create_ca": "False",
+ "preinstall_scripts": [],
 "scripts": [
 "configs/scripts/install.sh",
 "configs/scripts/user.sh"
diff --git a/configs/ubuntu/noble_server.json b/configs/ubuntu/noble_server.json
index cc5b36e..7970840 100644
--- a/configs/ubuntu/noble_server.json
+++ b/configs/ubuntu/noble_server.json
@@ -7,6 +7,10 @@
 "replace_repositories": "False",
 "keyrings": [],
 "packages": "nginx grub-pc linux-image-generic docker.io make curl openssl nano",
+ "create_ca": "True",
+ "preinstall_scripts": [
+ "configs/scripts/ca.sh"
+ ],
 "scripts": [
 "configs/scripts/install.sh",
 "configs/scripts/server.sh"
diff --git a/configs/ubuntu/noble_xfce.json b/configs/ubuntu/noble_xfce.json
index 6517644..addb79a 100644
--- a/configs/ubuntu/noble_xfce.json
+++ b/configs/ubuntu/noble_xfce.json
@@ -7,6 +7,8 @@
 "replace_repositories": "False",
 "keyrings": [],
 "packages": "grub-pc linux-image-generic xubuntu-desktop",
+ "create_ca": "False",
+ "preinstall_scripts": [],
 "scripts": [
 "configs/scripts/install.sh",
 "configs/scripts/user.sh"
diff --git a/main.py b/main.py
index a9355c8..84ea51d 100755
--- a/main.py
+++ b/main.py
@@ -100,9 +100,6 @@ def rootfs_package(identifier, scripts, extra_files):
 command(f"echo 'reboot' | sudo tee -a '{chroot}/root/.profile'")
 command(f"echo 'reboot' | sudo tee -a '{chroot}/root/.bashrc'")
 
- for extra_file in extra_files:
- command(f"sudo cp '{extra_file}' '{chroot}/root'")
-
 if shutil.which("grub-mkrescue"):
 command(f"sudo grub-mkrescue -o '{outfile}' '{chroot}'")
 elif shutil.which("grub2-mkrescue"):
@@ -120,6 +117,8 @@ def download_rootfs_prepare(
 replace_repositories,
 keyrings,
 identifier,
+ create_ca,
+ preinstall_scripts,
 scripts,
 package_manager,
 extra_files,
@@ -138,6 +137,8 @@ def debootstrap_rootfs_prepare(
 replace_repositories,
 keyrings,
 identifier,
+ create_ca,
+ preinstall_scripts,
 scripts,
 package_manager,
 extra_files,
@@ -160,6 +161,8 @@ def apt_rootfs_prepare(
 keyrings,
 packages,
 identifier,
+ create_ca,
+ preinstall_scripts,
 scripts,
 extra_files,
 ):
@@ -177,10 +180,15 @@ def apt_rootfs_prepare(
 do_chroot_command(f"echo '{repository}' >/etc/apt/sources.list")
 overwritten + True
 
- for keyring in keyrings:
- do_chroot_command(f"wget {keyring["download"]}")
- do_chroot_command(f"dpkg -i {keyring["name"]}")
- do_chroot_command(f"rm {keyring["name"]}")
+ for preinstall_script in preinstall_scripts:
+ command(f"sudo mv {preinstall_script} {chroot}/root")
+ do_chroot_command(f"cd root && ./{preinstall_script}")
+
+ if create_ca:
+ command(f"sudo cp {chroot}/etc/ssl/certs/ca.crt {output}")
+
+ for extra_file in extra_files:
+ command(f"sudo cp '{extra_file}' '{chroot}/root'")
 
 do_chroot_command("apt update -y")
 do_chroot_command("apt full-upgrade -y")
@@ -244,6 +252,8 @@ def main():
 scripts = data["scripts"]
 package_manager = data["package_manager"]
 extra_files = data["extra_files"]
+ create_ca = bool(data["create_ca"])
+ preinstall_scripts = data["preinstall_scripts"]
 
 match rootfs_type:
 case "download":
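Review bot: The preinstall loop in the `@@ -177,10 +180,15 @@` hunk cannot run the script it copies: `preinstall_script` is the repo-relative path `configs/scripts/ca.sh` (per the server configs), `sudo mv` puts it at `{chroot}/root/ca.sh`, but the chroot command then executes `./configs/scripts/ca.sh`, which does not exist there; and because it is `mv` rather than `cp`, the first build also deletes `configs/scripts/ca.sh` from the checkout, so a second build fails at the same line. The paths are also unquoted, unlike the `extra_files` copy two lines below, so a path with a space breaks the shell command. The loop runs before `apt update` / `apt full-upgrade`, and ca.sh needs nginx, openssl and ca-certificates present; if the `packages` install happens after this point (not visible in the hunk), the script will run against a rootfs that lacks them, so consider moving the preinstall loop after the package install or documenting that preinstall scripts may rely only on the base debootstrap. Separately, this hunk drops the `keyrings` download/install loop while the parameter and the `"keyrings": []` config keys remain, so that setting is now silently ignored unless it is handled elsewhere; the function's head and tail are outside the hunk. Also note the pre-existing context line `overwritten + True` is a no-op expression and presumably should be an assignment.
```python
    for preinstall_script in preinstall_scripts:
        # Copy (not move) so the repo file survives; run it by its basename inside /root.
        script_name = preinstall_script.rsplit("/", 1)[-1]
        command(f"sudo cp '{preinstall_script}' '{chroot}/root/{script_name}'")
        do_chroot_command(f"cd /root && './{script_name}'")
    # … unchanged: create_ca copy and extra_files loop …
```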
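Review bot: `create_ca = bool(data["create_ca"])` in the `@@ -244,6 +252,8 @@` hunk is always True for the configs in this commit, because they store the flag as the JSON string `"False"` / `"True"` (every `configs/debian/*.json` and `configs/ubuntu/*.json` hunk above) and any non-empty string is truthy. Every desktop image will therefore execute `sudo cp {chroot}/etc/ssl/certs/ca.crt {output}` with no ca.sh having run, and the build fails on the missing file. Match whatever convention the file already uses for the string-typed `replace_repositories` flag, e.g. `create_ca = data["create_ca"] == "True"`, or switch the configs to real JSON booleans and keep `bool()`; either way, `preinstall_scripts` should get the same `data.get(..., [])` treatment so older configs without the key keep working.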
@@ -255,6 +265,8 @@ def main():
 replace_repositories,
 keyrings,
 identifier,
+ create_ca,
+ preinstall_scripts,
 scripts,
 package_manager,
 extra_files,