From f201878306730677591d08ad6f09965910b97e61 Mon Sep 17 00:00:00 2001 From: Jacob Appelbaum Date: Thu, 18 Aug 2011 17:06:50 +0200 Subject: update torouter_config.sh to copy files --- packages/torouter-prep/src/torouter_config.sh | 131 +++++++++----------------- 1 file changed, 47 insertions(+), 84 deletions(-) (limited to 'packages/torouter-prep/src/torouter_config.sh') diff --git a/packages/torouter-prep/src/torouter_config.sh b/packages/torouter-prep/src/torouter_config.sh index 7c79862..aec9b48 100644 --- a/packages/torouter-prep/src/torouter_config.sh +++ b/packages/torouter-prep/src/torouter_config.sh @@ -1,60 +1,47 @@ #!/bin/bash -x +export VERSION="0.1" + echo "This program will reconfigure your Debian system into a Torouter" exit 0 echo "This is where we'd take over the entire Torouter system" # For every file we touch, move it to the temp_dir and then tar it up in the end -temp_dir="`mktemp -d`" -config_dir="/usr/share/doc/torouter-prep/example-configs/" +export temp_dir="`mktemp -d`" +export config_dir="/usr/share/doc/torouter-prep/example-configs/" -# Add a user -ADMINUSER="toradmin" -ADMINGROUP="toradmin" +# Add a user to administrate the Torouter later +export ADMINUSER="torouter" +export ADMINGROUP="torouter" -# Install the Tor repo key -gpg --keyserver keys.gnupg.net --recv 886DDD89 -gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - +addgroup $ADMINGROUP +useradd -g $ADMINGROUP -s /bin/bash $ADMINUSER -cp /etc/hosts $temp_dir/ -# Stomp on the hosts file -cat << EOF > /etc/hosts -127.0.0.1 localhost -EOF +# Install the Tor repo key +# gpg --keyserver keys.gnupg.net --recv 886DDD89 +# gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - +apt-get add $config_dir/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key -cp /etc/hostname $temp_dir/ -# Set us to have a default host name -cp /usr/share/doc/ +# Set us to have a default host name and hosts file +cp $config_dir/hostname /etc/hostname +cp $config_dir/hosts /etc/hosts # We need to prep apt to understand that we want packages from other repos -# We append to the current package list -cat << EOF >> /etc/apt/sources.list -# Tor's debian package repo: -deb http://deb.torproject.org/torproject.org squeeze main -deb http://deb.torproject.org/torproject.org experimental-squeeze main - -# Add Debian backports for OpenNTPD, libminiupnpc-dev, libminiupnpc5 -# http://packages.debian.org/squeeze-backports/libminiupnpc-dev -deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free - -# Add Debian experimental for libnatpmp0 -# http://packages.debian.org/experimental/libnatpmp0 -deb http://ftp.debian.org/debian experimental main -deb-src http://ftp.debian.org/debian experimental main - -EOF +cp $config_dir/sources.list /etc/apt/sources.list # We're creating this file to ensure we get updates -cat << 'EOF' > /etc/apt/preferences.d/backports -Package: * -Pin: release a=squeeze-backports -Pin-Priority: 200 -EOF +cp $config_dir/apt-preferences.d-backports /etc/apt/preferences.d/backports apt-get -y update +# Remove a bunch of stuff: +apt-get -y remove exim4-base exim4-config exim4-daemon-light dbus + +# Install the weird wireless control for the DreamPlug +apt-get install -y -t sid uaputl + # Install some other packages here: -apt-get -y install denyhosts ufw +apt-get -y install denyhosts ufw # Allow us to set the clock: apt-get -y -t squeeze-backports install openntpd @@ -63,6 +50,7 @@ apt-get -y -t squeeze-backports install openntpd apt-get -y install tor tor-geoipdb # To build with natpmp support +apt-get -y -t experimental install libnatpmp-dev apt-get -y -t experimental install libnatpmp0 # To build with miniupnpc support @@ -76,6 +64,9 @@ apt-get -y -t squeeze-backports install libminiupnpc5 # Install a Tor controller: apt-get -y install tor-arm +# Install the ttdnsd program: +apt-get -y install ttdnsd + # Install a normal dns cache for eth1 apt-get -y install dnsmasq @@ -84,65 +75,36 @@ apt-get -y install dnsmasq ## # Configure arm -zcat /usr/share/doc/tor-arm/armrc.sample.gz > ~$(ADMINUSER)/.armrc -# XXX This is where we will call torrc-takeover.py when it is packaged +zcat $config_dir/armrc.sample.gz > ~$(ADMINUSER)/.armrc -# XXX We should reconfigure /etc/inittab here +# Reconfigure /etc/inittab here +cp $config_dir/inittab /etc/inittab # Configure the network # eth0 is our "internet" interface with a dhcp client -cat << 'EOF' > /etc/network/interfaces -# The primary network interface -allow-hotplug eth0 -iface eth0 inet dhcp +cp $config_dir/interfaces /etc/network/interfaces -# -# XXX Configure eth1 and ap0 here -# +# Configure dnsmasq +cp $config_dir/dnsmasq.conf /etc/dnsmasq.conf -EOF +# Configure ntp +cp $config_dir/ntp.conf /etc/ntp.conf # XXX We should configure ufw here -# ufw allow # XXX We should configure denyhosts -# XXX We should configure dnsmasq -# XXX We should configure the DHCP server here - -cp /etc/tor/torrc $temp_dir/ -# configure Tor and stomp on the current Tor config -cat << 'EOF' > /etc/tor/torrc -# Run Tor as a bridge/relay only, not as a client -SocksPort 0 - -# What port to advertise for incoming Tor connections -ORPort 443 -# We're on a flash file system -AvoidDiskWrites 1 +cp $config_dir/torrc /etc/tor/torrc +cp $config_dir/ttdnsd-default /etc/default/ttdnsd -# Be a bridge -BridgeRelay 1 +# Configure sshd +cp $config_dir/sshd_config /etc/ssh/sshd_config -# Rate limited -BandwidthRate 50KB - -# Don't allow any Tor traffic to exit -Exitpolicy reject *:* - -# Allow a controller (tor-arm) on this system to configure Tor: -ControlPort 9051 -ControlListenAddress 127.0.0.1:9051 -CookieAuthentication 1 -EOF - -# Remove a bunch of stuff: -apt-get -y remove exim4-base exim4-config exim4-daemon-light dbus +# Clean up our cache +apt-get -y clean -## Disable ipv6 support -cp /etc/sysctl.d/disableipv6.conf $temp_dir/ +## Disable ipv6 support for now +cp $config_dir/modprobe.d-blacklist.conf /etc/modprobe.d/blacklist.conf echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/disableipv6.conf -cp /etc/sshd_config $temp_dir/ -echo "AddressFamily inet" >> /etc/ssh/ssh_config ## ## Restart services here @@ -150,9 +112,10 @@ echo "AddressFamily inet" >> /etc/ssh/ssh_config /etc/init.d/ssh restart /etc/init.d/tor restart +/etc/init.d/ttdnsd restart ## ## Touch a stamp to show that we're now a Torouter ## -echo "torouter" > /etc/torouter +echo "torouter $VERSION" > /etc/torouter -- cgit v1.2.3 From b0fa1713dd413ab26fba54aca2eaf03d3e18e89a Mon Sep 17 00:00:00 2001 From: Jacob Appelbaum Date: Thu, 18 Aug 2011 18:30:58 +0200 Subject: add torrouter key --- packages/torouter-prep/src/torouter_config.sh | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'packages/torouter-prep/src/torouter_config.sh') diff --git a/packages/torouter-prep/src/torouter_config.sh b/packages/torouter-prep/src/torouter_config.sh index aec9b48..5344411 100644 --- a/packages/torouter-prep/src/torouter_config.sh +++ b/packages/torouter-prep/src/torouter_config.sh @@ -20,8 +20,13 @@ useradd -g $ADMINGROUP -s /bin/bash $ADMINUSER # Install the Tor repo key # gpg --keyserver keys.gnupg.net --recv 886DDD89 # gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - +# This is the main Tor repo apt pubkey apt-get add $config_dir/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key +# This is the temp torrouter archive pubkey; this should be updated when we +# freeze this repo and know what we want to do +apt-get add $config_dir/047E6A24.asc + # Set us to have a default host name and hosts file cp $config_dir/hostname /etc/hostname cp $config_dir/hosts /etc/hosts -- cgit v1.2.3 From 7e495f7c032c5abc5a0d73eabcc5c468c836cbd8 Mon Sep 17 00:00:00 2001 From: Jacob Appelbaum Date: Thu, 18 Aug 2011 19:05:28 +0200 Subject: pin apt to stable --- packages/torouter-prep/configs/apt.conf | 1 + packages/torouter-prep/src/torouter_config.sh | 1 + 2 files changed, 2 insertions(+) create mode 100644 packages/torouter-prep/configs/apt.conf (limited to 'packages/torouter-prep/src/torouter_config.sh') diff --git a/packages/torouter-prep/configs/apt.conf b/packages/torouter-prep/configs/apt.conf new file mode 100644 index 0000000..4143a94 --- /dev/null +++ b/packages/torouter-prep/configs/apt.conf @@ -0,0 +1 @@ +APT::Default-Release "stable"; diff --git a/packages/torouter-prep/src/torouter_config.sh b/packages/torouter-prep/src/torouter_config.sh index 5344411..cec4606 100644 --- a/packages/torouter-prep/src/torouter_config.sh +++ b/packages/torouter-prep/src/torouter_config.sh @@ -36,6 +36,7 @@ cp $config_dir/sources.list /etc/apt/sources.list # We're creating this file to ensure we get updates cp $config_dir/apt-preferences.d-backports /etc/apt/preferences.d/backports +cp $config_dir/apt.conf /etc/apt/apt.conf apt-get -y update -- cgit v1.2.3 From 6e0105a193afc8f94ce6717e574a0e3442f41baa Mon Sep 17 00:00:00 2001 From: Jacob Appelbaum Date: Fri, 19 Aug 2011 01:10:22 +0200 Subject: fixup --- packages/torouter-prep/src/torouter_config.sh | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'packages/torouter-prep/src/torouter_config.sh') diff --git a/packages/torouter-prep/src/torouter_config.sh b/packages/torouter-prep/src/torouter_config.sh index cec4606..87df86b 100644 --- a/packages/torouter-prep/src/torouter_config.sh +++ b/packages/torouter-prep/src/torouter_config.sh @@ -2,13 +2,11 @@ export VERSION="0.1" -echo "This program will reconfigure your Debian system into a Torouter" -exit 0 -echo "This is where we'd take over the entire Torouter system" +echo "This program will now reconfigure your Debian system into a Torouter" # For every file we touch, move it to the temp_dir and then tar it up in the end export temp_dir="`mktemp -d`" -export config_dir="/usr/share/doc/torouter-prep/example-configs/" +export config_dir="/usr/share/torouter-prep/example-configs/" # Add a user to administrate the Torouter later export ADMINUSER="torouter" @@ -21,11 +19,11 @@ useradd -g $ADMINGROUP -s /bin/bash $ADMINUSER # gpg --keyserver keys.gnupg.net --recv 886DDD89 # gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - # This is the main Tor repo apt pubkey -apt-get add $config_dir/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key +apt-key add $config_dir/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key # This is the temp torrouter archive pubkey; this should be updated when we # freeze this repo and know what we want to do -apt-get add $config_dir/047E6A24.asc +apt-key add $config_dir/047E6A24.asc # Set us to have a default host name and hosts file cp $config_dir/hostname /etc/hostname -- cgit v1.2.3 From 1d9263de0b3546d8832eb071ec5afa9d17658bbf Mon Sep 17 00:00:00 2001 From: Jacob Appelbaum Date: Fri, 19 Aug 2011 01:26:45 +0200 Subject: add fixup --- packages/torouter-prep/src/torouter_config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'packages/torouter-prep/src/torouter_config.sh') diff --git a/packages/torouter-prep/src/torouter_config.sh b/packages/torouter-prep/src/torouter_config.sh index 87df86b..7d78f04 100644 --- a/packages/torouter-prep/src/torouter_config.sh +++ b/packages/torouter-prep/src/torouter_config.sh @@ -79,7 +79,7 @@ apt-get -y install dnsmasq ## # Configure arm -zcat $config_dir/armrc.sample.gz > ~$(ADMINUSER)/.armrc +zcat $config_dir/armrc.sample.gz > ~$ADMINUSER/.armrc # Reconfigure /etc/inittab here cp $config_dir/inittab /etc/inittab -- cgit v1.2.3