Initial commit of the code.

author: onefang 2019-10-10 12:30:30 +1000
committer: onefang 2019-10-10 12:30:30 +1000
commit: 5fc4d58b94f32268541172a4a22a57194deeb050 (patch)
tree: 8b9f7c0e6c366664221366e75db409b9a9b19566
parent: Init bare repo. (diff)
download: installMinimalDevuanASCII-5fc4d58b94f32268541172a4a22a57194deeb050.zip
installMinimalDevuanASCII-5fc4d58b94f32268541172a4a22a57194deeb050.tar.gz
installMinimalDevuanASCII-5fc4d58b94f32268541172a4a22a57194deeb050.tar.bz2
installMinimalDevuanASCII-5fc4d58b94f32268541172a4a22a57194deeb050.tar.xz
3 files changed, 400 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fa1ec9e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,8 @@
+A script to do a debootstrap install of Devuan ASCII.
+I wrote this long ago to install Devuan ASCII on my desktop and my remote
+server.  It's full of stuff that is specific to my needs.  It may be
+educational to someone.  I did intend to document it, but I got busy with
+other stuff.
+It assumes the existance of a fileSystem.tar.xz, which I'll commit later.
diff --git a/debootstrap_1.0.89-devuan2.1_all.deb b/debootstrap_1.0.89-devuan2.1_all.deb
new file mode 100644
index 0000000..fbd339e
--- /dev/null
+++ b/debootstrap_1.0.89-devuan2.1_all.deb
Binary files differ
diff --git a/installMinimalDevuanASCII.sh b/installMinimalDevuanASCII.sh
new file mode 100755
index 0000000..8d95f5e
--- /dev/null
+++ b/installMinimalDevuanASCII.sh
@@ -0,0 +1,392 @@
+# User tweakable parameters.
+#   GOLIVE - CACHE is only needed for the desktop during testing.
+#CACHE="sda23"
+DISK="sdb2"
+MIRROR="http://deb.devuan.org/"
+NS="8.8.8.8"
+#PASS="password"
+TYPE="server"
+TZ="Europe/Amsterdam"
+USER="onefang"
+WORK="/media/devuan_install"
+# Filter out the worst of the excess output.
+aptInstall ()
+{
+  chroot ${WORK} apt-get --yes install $* | grep -v -e "^Selecting previously unselected package " -e "^Preparing to unpack " -e "^ create mode " -e "^ rename "
+}
+# Setup the disk.
+umount /dev/${DISK}
+mkdir -p ${WORK}
+dpkg -i debootstrap_1.0.89-devuan2.1_all.deb
+mkfs.ext4 -j -O extent -L "" /dev/${DISK}
+sync
+mount /dev/${DISK} ${WORK}
+mkdir -p ${WORK}/var/cache/apt/archives
+#mount /dev/${CACHE} ${WORK}/var/cache/apt
+mount --bind /var/cache/apt/archives ${WORK}/var/cache/apt/archives
+# Various env variable tweaks.
+export DEBIAN_FRONTEND=readline
+export TERM=xterm-color
+export LANG=C.UTF-8
+# Prevent some leakage.
+export LD_LIBRARY_PATH=""
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin"
+export PKG_CONFIG_PATH=""
+export PYTHONINCLUDE=""
+export PYTHONPATH=""
+export XDG_DATA_DIRS=""
+# Start installing it.
+debootstrap --arch amd64 --variant=minbase --include=makedev,apt-utils,git,etckeeper,rsyslog,swapspace,debconf-utils ascii ${WORK} ${MIRROR}/merged
+# Setup the chroot.
+mount -o bind /sys ${WORK}/sys
+chroot ${WORK} /bin/bash <<- zzzEOFzzz
+  mount -t proc proc /proc
+  mount -t devpts devpts /dev/pts
+  cd /dev
+  echo "Filling /dev"
+  MAKEDEV generic
+  mknod /dev/${DISK} b 259 5
+  cd /
+  etckeeper post-install | grep -v -e "^ create mode " -e "^ rename "
+zzzEOFzzz
+# Turn off the daily etckeeper commits, and make it stop and complain when there are changes to be comitted.
+sed -i -e 's/#AVOID_DAILY_AUTOCOMMITS=1/AVOID_DAILY_AUTOCOMMITS=1/' -e 's/#AVOID_COMMIT_BEFORE_INSTALL=1/AVOID_COMMIT_BEFORE_INSTALL=1/' ${WORK}/etc/etckeeper/etckeeper.conf
+# Configure apt.
+cat > ${WORK}/etc/apt/sources.list <<- zzzEOFzzz
+        deb ${MIRROR}/merged ascii main contrib non-free
+        deb ${MIRROR}/merged ascii-security main contrib non-free
+        deb ${MIRROR}/merged ascii-updates main contrib non-free
+        deb ${MIRROR}/devuan ascii-proposed main contrib non-free
+        deb ${MIRROR}/merged ascii-backports main contrib non-free
+zzzEOFzzz
+# Keep things minimal.
+cat > ${WORK}/etc/apt/apt.conf.d/01lean <<- zzzEOFzzz
+        APT::Install-Recommends "0";
+        APT::AutoRemove::RecommendsImportant "false";
+zzzEOFzzz
+cat > ${WORK}/etc/apt/apt.conf.d/99synaptic <<- zzzEOFzzz
+        APT::Install-Recommends "false";
+zzzEOFzzz
+# Not sure, but may need different "profiles" in this file.
+cat > ${WORK}/etc/apt/listchanges.conf <<- zzzEOFzzz
+        [apt]
+        frontend=pager
+        pager=mcview
+        email_address=root
+        confirm=true
+        save_seen=/var/lib/apt/listchanges.db
+        which=both
+        headers=1
+zzzEOFzzz
+#cp /etc/fstab ${WORK}/etc/fstab
+cat > ${WORK}/etc/fstab <<- zzzEOFzzz
+        proc /proc proc nodev,noexec,nosuid 0 0
+        /dev/${DISK} / ext4 errors=remount-ro 0 1
+zzzEOFzzz
+cat > ${WORK}/etc/adjtime <<- zzzEOFzzz
+        0.0 0 0.0
+        0
+        UTC
+zzzEOFzzz
+cat > ${WORK}/etc/timezone <<- zzzEOFzzz
+        ${TZ}
+zzzEOFzzz
+rm ${WORK}/etc/localtime
+ln -s /usr/share/zoneinfo/${TZ} ${WORK}/etc/localtime
+# Provide pre canned answers, so this script can run with minimal user interaction.
+# Use something like this to find what to set here - debconf-get-selections | grep locales
+chroot ${WORK} debconf-set-selections <<- zzzEOFzzz
+        console-setup console-setup/codeset47 select # Latin1 and Latin5 - western Europe and Turkic languages
+        locales locales/locales_to_be_generated multiselect All locales
+        locales locales/default_environment_locale select en_AU.UTF-8
+        keyboard-configuration keyboard-configuration/layout select English (US)
+        grub-pc grub-pc/install_devices multiselect /dev/${DISK}
+        courier-base courier-base/webadmin-configmode boolean true
+        phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2
+        wireshark-common wireshark-common/install-setuid boolean false
+zzzEOFzzz
+# Create user, and set passwords.
+cp -r fileSystem/etc/skel/.[^.]* ${WORK}/etc/skel
+#chroot ${WORK} useradd -m -U ${USER} -G sudo -s /bin/bash
+cp -r fileSystem/etc/skel/.[^.]* ${WORK}/root
+#if [ -z "${PASS}" ]
+#then
+#  echo "User ${USER} - "
+#  chroot ${WORK} passwd ${USER}
+#  echo "User root - "
+#  chroot ${WORK} passwd
+#else
+#  chroot ${WORK} passwd ${USER} <<- zzzEOFzzz
+#       ${PASS}
+#       ${PASS}
+#zzzEOFzzz
+#  chroot ${WORK} passwd <<- zzzEOFzzz
+#       toor${PASS}
+#       toor${PASS}
+#zzzEOFzzz
+#fi
+# Update the debootstrap installed stuff.
+chroot ${WORK} /bin/bash <<- zzzEOFzzz
+  etckeeper commit "Initial 'manual' configurations." | grep -v -e "^ create mode " -e "^ rename "
+  apt-get update
+  apt-get --yes dist-upgrade | grep -v -e "^Selecting previously unselected package " -e "^Preparing to unpack " -e "^ create mode " -e "^ rename "
+zzzEOFzzz
+# Install kernel and friends.
+#chroot ${WORK} etckeeper commit "Tweak grub config." | grep -v -e "^ create mode " -e "^ rename "
+aptInstall linux-image-`dpkg --print-architecture` linux-headers-`dpkg --print-architecture` os-prober eudev bash-completion psmisc irqbalance grub2 \
+  firmware-linux firmware-misc-nonfree amd64-microcode intel-microcode
+# Install base stuff that everyone needs.
+aptInstall console-setup locales
+cat > ${WORK}/etc/default/console-setup <<- zzzEOFzzz
+        # CONFIGURATION FILE FOR SETUPCON
+        # Consult the console-setup(5) manual page.
+        ACTIVE_CONSOLES="/dev/tty[2-6]"
+        CHARMAP="UTF-8"
+        CODESET="Lat15"
+        FONTFACE="Terminus"
+        FONTSIZE="6x12"
+        VIDEOMODE=
+zzzEOFzzz
+cat > ${WORK}/etc/default/keyboard <<- zzzEOFzzz
+        # KEYBOARD CONFIGURATION FILE
+        # Consult the keyboard(5) manual page.
+        XKBMODEL="pc105"
+        XKBLAYOUT="us"
+        XKBVARIANT=""
+        XKBOPTIONS=""
+        BACKSPACE="guess"
+zzzEOFzzz
+cat > ${WORK}/etc/default/locale <<- zzzEOFzzz
+        LANG=en_AU.UTF-8
+zzzEOFzzz
+chroot ${WORK} etckeeper commit "Tweak console and keyboard configs." | grep -v -e "^ create mode " -e "^ rename "
+aptInstall busybox netbase net-tools iproute2 ifupdown isc-dhcp-client inetutils-ping ntp shorewall shorewall6 dnsutils lynx wget curl \
+  make dns-root-data resolvconf kmod openssh-server openssh-client traceroute keychain courier-mta cron maildrop
+# Prevent root from sshing in, and other sshd tweaks.
+sed -i -e 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' -e 's/#Port 22/Port 501/' \
+    -e 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' ${WORK}/etc/ssh/sshd_config
+chroot ${WORK} etckeeper commit "Don't let root login to ssh, and other sshd tweaks." | grep -v -e "^ create mode " -e "^ rename "
+mkdir -p ${WORK}/etc/network/interfaces.d
+cp /etc/network/interfaces ${WORK}/etc/network/interfaces
+cp /etc/network/interfaces.d/* ${WORK}/etc/network/interfaces.d
+#cat > ${WORK}/etc/network/interfaces <<- zzzEOFzzz
+#       auto lo
+#       iface lo inet loopback
+#       allow-hotplug eth0
+#       auto eth0
+#       iface eth0 inet dhcp
+#       allow-hotplug eth1
+#       auto eth1
+#       iface eth1 inet dhcp
+#       allow-hotplug eth2
+#       auto eth2
+#       iface eth2 inet dhcp
+#zzzEOFzzz
+cp /etc/hosts ${WORK}/etc/hosts
+cp /etc/hostname ${WORK}/etc/hostname
+#cat > ${WORK}/etc/hosts <<- zzzEOFzzz
+#       127.0.0.1       localhost
+#       127.0.1.1       ${HOST}
+#       # The following lines are desirable for IPv6 capable hosts.
+#       ::1     localhost ip6-localhost ip6-loopback ${HOST}
+#       fe00::0 ip6-localnet
+#       ff00::0 ip6-mcastprefix
+#       ff02::1 ip6-allnodes
+#       ff02::2 ip6-allrouters
+#       ff02::3 ip6-allhosts
+#zzzEOFzzz
+# resolvconf changes this, desktop uses dnsmasq, server uses Google DNS, and we override it ourselves later anyway.
+#cat > ${WORK}/etc/resolv.conf <<- zzzEOFzzz
+#       nameserver ${NS}
+#zzzEOFzzz
+chroot ${WORK} etckeeper commit "Tweak network configs." | grep -v -e "^ create mode " -e "^ rename "
+# Install networking (and btrfs) stuff needed only by desktop.
+# Currently the server uses Google DNS directly, not dnsmasq.
+if [ "${TYPE}" == "desktop" ]
+then
+  if [ -f /etc/dnsmasq.conf ]; then aptInstall dnsmasq; fi
+  aptInstall ppp ndisc6 radvd mailfilter fetchmail btrfs-progs
+  # wide-dhcpv6-client
+  cp -r /etc/dnsmasq.d ${WORK}/etc
+  cp /etc/dnsmasq.conf ${WORK}/etc
+  cp -r /etc/ppp ${WORK}/etc
+  chroot ${WORK} etckeeper commit "Tweak desktop network configs." | grep -v -e "^ create mode " -e "^ rename "
+fi
+# Install other stuff that every one needs.
+aptInstall pciutils less man-db manpages mc sudo tmux arj bzip2 p7zip-full unace unar unrar-free sysv-rc-conf multitail logrotate logwatch \
+  smartmontools rkhunter nmap unhide lm-sensors tofrodos mlocate imagemagick molly-guard file expect debootstrap pinfo parted \
+  powermgmt-base checksecurity cruft-ng lsb-release wbritish monit gnupg2 gnupg-agent ssh-askpass whois fail2ban whiptail haveged hddtemp
+# logcheck tripwire | integrit | aide | samhain | fcheck debsecan ?
+# Install server stuff.
+# Don't do drupal7, coz that's a few versions behind, so still have to deal with it manually.
+# Plus, I'll want to upgrade to drupal8 sooner or later.
+aptInstall certbot courier-imap rsync mariadb-server mariadb-client apache2 polipo prosody-modules vsftpd openvpn easy-rsa bitlbee \
+   php7.0 php-pear php7.0-mysql php7.0-gd php7.0-mbstring php7.0-curl php7.0-bz2 libgd-tools php-apcu php-apcu-bc
+chroot ${WORK} adduser --system --shell /usr/sbin/nologin --no-create-home ovpn
+chroot ${WORK} groupadd ovpn
+chroot ${WORK} usermod -g ovpn ovpn
+#aptInstall phpmyadmin
+#cp -r /etc/bitlbee ${WORK}/etc
+#cp -r /var/lib/bitlbee ${WORK}/var/lib
+#chroot ${WORK} etckeeper commit "Tweak server configs." | grep -v -e "^ create mode " -e "^ rename "
+# Install developer stuff.
+aptInstall luajit luarocks uuid-runtime g++ check bison flex colorgcc colormake ccache distcc gdb pkg-config re2c lemon valgrind m4 patch \
+  cmake meson build-essential groff git-extras git-doc 
+aptInstall mono-complete mono-mcs nunit autoconf autogen automake autopoint gettext libtool doxygen nasm gpsim gputils picprog
+if [ "${TYPE}" == "desktop" ]
+then
+  # Add repos for the desktop.
+  cat > ${WORK}/etc/apt/sources.list.d/deb-multimedia.list <<- zzzEOFzzz
+        deb http://mirror.internode.on.net/pub/deb-multimedia/ stretch main non-free
+        deb http://mirror.internode.on.net/pub/deb-multimedia/ stretch-backports main
+zzzEOFzzz
+  cat > ${WORK}/etc/apt/sources.list.d/google-chrome.list <<- zzzEOFzzz
+        deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main
+zzzEOFzzz
+  cat > ${WORK}/etc/apt/sources.list.d/palemoon.list <<- zzzEOFzzz
+        deb http://download.opensuse.org/repositories/home:/stevenpusser/Debian_9.0/ /
+zzzEOFzzz
+  cat > ${WORK}/etc/apt/sources.list.d/signal.list <<- zzzEOFzzz
+        deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main
+zzzEOFzzz
+  chroot ${WORK} /bin/bash <<- zzzEOFzzz
+    wget http://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/deb-multimedia-keyring_2016.8.1_all.deb -O deb-multimedia-keyring.deb
+    dpkg -i deb-multimedia-keyring.deb
+    wget -nv -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
+    wget -nv -O - https://download.opensuse.org/repositories/home:stevenpusser/Debian_9.0/Release.key | apt-key add -
+    wget -nv -O - https://updates.signal.org/desktop/apt/keys.asc | apt-key add -
+    rm deb-multimedia-keyring.deb
+    etckeeper commit "Adding external repos." | grep -v -e "^ create mode " -e "^ rename "
+    apt-get update
+    apt-get --yes dist-upgrade | grep -v -e "^Selecting previously unselected package " -e "^Preparing to unpack " -e "^ create mode " -e "^ rename "
+zzzEOFzzz
+  # Install basic X stuff.
+  aptInstall xinit x11-xserver-utils xserver-xorg libgl1-nvidia-glx nvidia-driver fonts-liberation xfonts-100dpi xfonts-75dpi xfonts-base xfonts-scalable xscreensaver
+  # Note - the wacom driver should be installed below, rather than above, otherwise I think that's what's stopping all input.
+  aptInstall lxdm lxde lxlauncher lxtask lxlock openbox obconf gtk2-engines-xfce menu xdg-utils menu-xdg desktop-base desktop-file-utils \
+    termit synaptic qgit git-cola suckless-tools stterm surf surf2 awesome awesome-extra lxqt qt4-qtconfig xserver-xorg-input-wacom
+  # Have LXDM show the keyboard selector, not show the list of users, and not show that huge Login: image.
+  sed -i -e 's/keyboard=0/keyboard=1/' -e 's/disable=0/disable=1/' \
+         -e 's\bg=/usr/share/images/desktop-base/login-background.svg\bg=/usr/share/images/desktop-base/your-way_darkpurpy-wide-large.svg\' ${WORK}/etc/lxdm/lxdm.conf
+  cp -r fileSystem/usr/share/lxdm/themes/Industrial/login.png ${WORK}/usr/share/lxdm/themes/Industrial
+  chroot ${WORK} etckeeper commit "Adjust lxdm config." | grep -v -e "^ create mode " -e "^ rename "
+  # Install other desktop stuff.
+  # NOTE - this drags in whiptail, or would if we didn't install it ourselves above.
+  aptInstall gparted qasmixer pulseaudio pavucontrol paman paprefs pavumeter gnome-colors geeqie smplayer smplayer-themes hexchat hexchat-plugins hexchat-otr hexchat-lua \
+    geany geany-plugin-addons geany-plugin-lua geany-plugin-markdown geany-plugin-scope geany-plugin-spellcheck
+  aptInstall claws-mail claws-mail-plugins claws-mail-extra-plugins claws-mail-themes claws-mail-tools clawsker keepassx keepass2 qalculate-gtk conky-all
+  aptInstall gimp gimp-cbmplugs gimp-data-extras gimp-dds gimp-gap gimp-gluas gimp-gmic gimp-help-common gimp-help-en gimp-lensfun gimp-plugin-registry gimp-texturize gimp-ufraw \
+    create-resources blender meld graphicsmagick makehuman dia dia-shapes inkscape muse musescore firefox-esr chromium dillo netsurf links2 ddd wireshark etherape spacenavd \
+    dasher cheese libreoffice linphone tortoisehg evince galternatives
+  aptInstall libvirt0 libvirt-deamon-system virt-manager virt-viewer virtinst qemu-utils qemu-kvm qemu-system-arm qemu-system-x86 qemu-system-misc qemu-efi fslint
+  # These all get updated from deb-multimedia, so don't install them before that's enabled.
+  aptInstall gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-plugins-ugly vlc ffmpeg cinelerra
+  aptInstall google-chrome-stable palemoon signal-desktop
+fi
+# monitoring shit  docs
+# awstats collectd collectd-utils libmariadbclient18 libatasmart4
+# icinga icinga-doc fping nagios-images monitoring-plugins libjson-perl libdata-validate-domain-perl libdata-validate-ip-perl libmonitoring-plugin-perl
+# Some hacking of the external plugins is needed.  mailq, rbl.
+# Manually install CGraphz, coz it's not in the repo.
+# Make apt nicer.
+aptInstall apt-listbugs apt-listchanges apt-transport-https apt-show-versions apt-file apt-forktracer
+chroot ${WORK} apt-file update
+cp -r fileSystem/* ${WORK}
+#cp -r /etc/rsyslog.d ${WORK}/etc
+#cp -r /etc/sysctl.d ${WORK}/etc
+#cp /etc/sysctl.conf ${WORK}/etc
+#chroot ${WORK} chown -R ${USER}:${USER} /home/${USER}
+#cp /usr/share/sounds/* ${WORK}/usr/share/sounds
+#chroot ${WORK} etckeeper commit "Tweak the rest of the configs and file system." | grep -v -e "^ create mode " -e "^ rename "
+#chroot ${WORK} sensors-detect
+#chroot ${WORK} etckeeper commit "Detected sensors" | grep -v -e "^ create mode " -e "^ rename "
+# Clean up.
+chroot ${WORK} /bin/bash <<- zzzEOFzzz
+  sysv-rc-conf apache2 off
+  sysv-rc-conf avahi-daemon off
+  sysv-rc-conf bitlbee off
+  sysv-rc-conf courier off
+  sysv-rc-conf courier-authdaemon off
+  sysv-rc-conf courier-imap off
+  sysv-rc-conf courier-imap-ssl off
+  sysv-rc-conf courier-msa off
+  sysv-rc-conf courier-mta off
+  sysv-rc-conf courier-mta-ssl off
+  sysv-rc-conf courierfilter off
+  sysv-rc-conf distcc off
+  sysv-rc-conf fail2ban off
+  sysv-rc-conf fetchmail off
+  sysv-rc-conf monit off
+  sysv-rc-conf mysql off
+  sysv-rc-conf openvpn off
+  sysv-rc-conf polipo off
+  sysv-rc-conf prosody off
+  sysv-rc-conf radvd off
+  sysv-rc-conf rsync off
+  sysv-rc-conf spamassassin off
+  sysv-rc-conf vsftpd off
+  etckeeper commit "Turn off services." | grep -v -e "^ create mode " -e "^ rename "
+zzzEOFzzz
+chroot ${WORK} apt-get --yes autoremove
+chroot ${WORK} etckeeper commit "Cleaning out autoremoves." | grep -v -e "^ create mode " -e "^ rename "
+umount ${WORK}/dev/pts
+umount ${WORK}/proc
+umount ${WORK}/sys
+umount ${WORK}/var/cache/apt/archives
+#update-grub
author	onefang	2019-10-10 12:30:30 +1000
committer	onefang	2019-10-10 12:30:30 +1000
commit	5fc4d58b94f32268541172a4a22a57194deeb050 (patch)
tree	8b9f7c0e6c366664221366e75db409b9a9b19566
parent	Init bare repo. (diff)
download	installMinimalDevuanASCII-5fc4d58b94f32268541172a4a22a57194deeb050.zip installMinimalDevuanASCII-5fc4d58b94f32268541172a4a22a57194deeb050.tar.gz installMinimalDevuanASCII-5fc4d58b94f32268541172a4a22a57194deeb050.tar.bz2 installMinimalDevuanASCII-5fc4d58b94f32268541172a4a22a57194deeb050.tar.xz

diff --git a/README.md b/README.md new file mode 100644 index 0000000..fa1ec9e --- /dev/null +++ b/README.md
@@ -0,0 +1,8 @@
	1	A script to do a debootstrap install of Devuan ASCII.
	2
	3	I wrote this long ago to install Devuan ASCII on my desktop and my remote
	4	server. It's full of stuff that is specific to my needs. It may be
	5	educational to someone. I did intend to document it, but I got busy with
	6	other stuff.
	7
	8	It assumes the existance of a fileSystem.tar.xz, which I'll commit later.


diff --git a/debootstrap_1.0.89-devuan2.1_all.deb b/debootstrap_1.0.89-devuan2.1_all.deb new file mode 100644 index 0000000..fbd339e --- /dev/null +++ b/debootstrap_1.0.89-devuan2.1_all.deb
Binary files differ


diff --git a/installMinimalDevuanASCII.sh b/installMinimalDevuanASCII.sh new file mode 100755 index 0000000..8d95f5e --- /dev/null +++ b/installMinimalDevuanASCII.sh
@@ -0,0 +1,392 @@
	1	# User tweakable parameters.
	2	# GOLIVE - CACHE is only needed for the desktop during testing.
	3	#CACHE="sda23"
	4	DISK="sdb2"
	5	MIRROR="http://deb.devuan.org/"
	6	NS="8.8.8.8"
	7	#PASS="password"
	8	TYPE="server"
	9	TZ="Europe/Amsterdam"
	10	USER="onefang"
	11	WORK="/media/devuan_install"
	12
	13
	14	# Filter out the worst of the excess output.
	15	aptInstall ()
	16	{
	17	chroot ${WORK} apt-get --yes install $* \| grep -v -e "^Selecting previously unselected package " -e "^Preparing to unpack " -e "^ create mode " -e "^ rename "
	18	}
	19
	20
	21	# Setup the disk.
	22	umount /dev/${DISK}
	23	mkdir -p ${WORK}
	24	dpkg -i debootstrap_1.0.89-devuan2.1_all.deb
	25	mkfs.ext4 -j -O extent -L "" /dev/${DISK}
	26	sync
	27	mount /dev/${DISK} ${WORK}
	28	mkdir -p ${WORK}/var/cache/apt/archives
	29	#mount /dev/${CACHE} ${WORK}/var/cache/apt
	30	mount --bind /var/cache/apt/archives ${WORK}/var/cache/apt/archives
	31
	32
	33	# Various env variable tweaks.
	34	export DEBIAN_FRONTEND=readline
	35	export TERM=xterm-color
	36	export LANG=C.UTF-8
	37	# Prevent some leakage.
	38	export LD_LIBRARY_PATH=""
	39	export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin"
	40	export PKG_CONFIG_PATH=""
	41	export PYTHONINCLUDE=""
	42	export PYTHONPATH=""
	43	export XDG_DATA_DIRS=""
	44
	45
	46	# Start installing it.
	47	debootstrap --arch amd64 --variant=minbase --include=makedev,apt-utils,git,etckeeper,rsyslog,swapspace,debconf-utils ascii ${WORK} ${MIRROR}/merged
	48
	49	# Setup the chroot.
	50	mount -o bind /sys ${WORK}/sys
	51	chroot ${WORK} /bin/bash <<- zzzEOFzzz
	52	mount -t proc proc /proc
	53	mount -t devpts devpts /dev/pts
	54	cd /dev
	55	echo "Filling /dev"
	56	MAKEDEV generic
	57	mknod /dev/${DISK} b 259 5
	58	cd /
	59	etckeeper post-install \| grep -v -e "^ create mode " -e "^ rename "
	60	zzzEOFzzz
	61
	62
	63	# Turn off the daily etckeeper commits, and make it stop and complain when there are changes to be comitted.
	64	sed -i -e 's/#AVOID_DAILY_AUTOCOMMITS=1/AVOID_DAILY_AUTOCOMMITS=1/' -e 's/#AVOID_COMMIT_BEFORE_INSTALL=1/AVOID_COMMIT_BEFORE_INSTALL=1/' ${WORK}/etc/etckeeper/etckeeper.conf
	65
	66	# Configure apt.
	67	cat > ${WORK}/etc/apt/sources.list <<- zzzEOFzzz
	68	deb ${MIRROR}/merged ascii main contrib non-free
	69	deb ${MIRROR}/merged ascii-security main contrib non-free
	70	deb ${MIRROR}/merged ascii-updates main contrib non-free
	71	deb ${MIRROR}/devuan ascii-proposed main contrib non-free
	72	deb ${MIRROR}/merged ascii-backports main contrib non-free
	73	zzzEOFzzz
	74	# Keep things minimal.
	75	cat > ${WORK}/etc/apt/apt.conf.d/01lean <<- zzzEOFzzz
	76	APT::Install-Recommends "0";
	77	APT::AutoRemove::RecommendsImportant "false";
	78	zzzEOFzzz
	79	cat > ${WORK}/etc/apt/apt.conf.d/99synaptic <<- zzzEOFzzz
	80	APT::Install-Recommends "false";
	81	zzzEOFzzz
	82	# Not sure, but may need different "profiles" in this file.
	83	cat > ${WORK}/etc/apt/listchanges.conf <<- zzzEOFzzz
	84	[apt]
	85	frontend=pager
	86	pager=mcview
	87	email_address=root
	88	confirm=true
	89	save_seen=/var/lib/apt/listchanges.db
	90	which=both
	91	headers=1
	92	zzzEOFzzz
	93
	94	#cp /etc/fstab ${WORK}/etc/fstab
	95	cat > ${WORK}/etc/fstab <<- zzzEOFzzz
	96	proc /proc proc nodev,noexec,nosuid 0 0
	97	/dev/${DISK} / ext4 errors=remount-ro 0 1
	98	zzzEOFzzz
	99	cat > ${WORK}/etc/adjtime <<- zzzEOFzzz
	100	0.0 0 0.0
	101	0
	102	UTC
	103	zzzEOFzzz
	104	cat > ${WORK}/etc/timezone <<- zzzEOFzzz
	105	${TZ}
	106	zzzEOFzzz
	107	rm ${WORK}/etc/localtime
	108	ln -s /usr/share/zoneinfo/${TZ} ${WORK}/etc/localtime
	109
	110	# Provide pre canned answers, so this script can run with minimal user interaction.
	111	# Use something like this to find what to set here - debconf-get-selections \| grep locales
	112	chroot ${WORK} debconf-set-selections <<- zzzEOFzzz
	113	console-setup console-setup/codeset47 select # Latin1 and Latin5 - western Europe and Turkic languages
	114	locales locales/locales_to_be_generated multiselect All locales
	115	locales locales/default_environment_locale select en_AU.UTF-8
	116	keyboard-configuration keyboard-configuration/layout select English (US)
	117
	118	grub-pc grub-pc/install_devices multiselect /dev/${DISK}
	119
	120	courier-base courier-base/webadmin-configmode boolean true
	121	phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2
	122
	123	wireshark-common wireshark-common/install-setuid boolean false
	124	zzzEOFzzz
	125
	126
	127	# Create user, and set passwords.
	128	cp -r fileSystem/etc/skel/.[^.]* ${WORK}/etc/skel
	129	#chroot ${WORK} useradd -m -U ${USER} -G sudo -s /bin/bash
	130	cp -r fileSystem/etc/skel/.[^.]* ${WORK}/root
	131	#if [ -z "${PASS}" ]
	132	#then
	133	# echo "User ${USER} - "
	134	# chroot ${WORK} passwd ${USER}
	135	# echo "User root - "
	136	# chroot ${WORK} passwd
	137	#else
	138	# chroot ${WORK} passwd ${USER} <<- zzzEOFzzz
	139	# ${PASS}
	140	# ${PASS}
	141	#zzzEOFzzz
	142	# chroot ${WORK} passwd <<- zzzEOFzzz
	143	# toor${PASS}
	144	# toor${PASS}
	145	#zzzEOFzzz
	146	#fi
	147
	148
	149	# Update the debootstrap installed stuff.
	150	chroot ${WORK} /bin/bash <<- zzzEOFzzz
	151	etckeeper commit "Initial 'manual' configurations." \| grep -v -e "^ create mode " -e "^ rename "
	152	apt-get update
	153	apt-get --yes dist-upgrade \| grep -v -e "^Selecting previously unselected package " -e "^Preparing to unpack " -e "^ create mode " -e "^ rename "
	154	zzzEOFzzz
	155
	156
	157	# Install kernel and friends.
	158	#chroot ${WORK} etckeeper commit "Tweak grub config." \| grep -v -e "^ create mode " -e "^ rename "
	159	aptInstall linux-image-`dpkg --print-architecture` linux-headers-`dpkg --print-architecture` os-prober eudev bash-completion psmisc irqbalance grub2 \
	160	firmware-linux firmware-misc-nonfree amd64-microcode intel-microcode
	161
	162
	163	# Install base stuff that everyone needs.
	164	aptInstall console-setup locales
	165	cat > ${WORK}/etc/default/console-setup <<- zzzEOFzzz
	166	# CONFIGURATION FILE FOR SETUPCON
	167	# Consult the console-setup(5) manual page.
	168
	169	ACTIVE_CONSOLES="/dev/tty[2-6]"
	170	CHARMAP="UTF-8"
	171	CODESET="Lat15"
	172	FONTFACE="Terminus"
	173	FONTSIZE="6x12"
	174	VIDEOMODE=
	175	zzzEOFzzz
	176	cat > ${WORK}/etc/default/keyboard <<- zzzEOFzzz
	177	# KEYBOARD CONFIGURATION FILE
	178	# Consult the keyboard(5) manual page.
	179
	180	XKBMODEL="pc105"
	181	XKBLAYOUT="us"
	182	XKBVARIANT=""
	183	XKBOPTIONS=""
	184	BACKSPACE="guess"
	185	zzzEOFzzz
	186	cat > ${WORK}/etc/default/locale <<- zzzEOFzzz
	187	LANG=en_AU.UTF-8
	188	zzzEOFzzz
	189	chroot ${WORK} etckeeper commit "Tweak console and keyboard configs." \| grep -v -e "^ create mode " -e "^ rename "
	190
	191	aptInstall busybox netbase net-tools iproute2 ifupdown isc-dhcp-client inetutils-ping ntp shorewall shorewall6 dnsutils lynx wget curl \
	192	make dns-root-data resolvconf kmod openssh-server openssh-client traceroute keychain courier-mta cron maildrop
	193	# Prevent root from sshing in, and other sshd tweaks.
	194	sed -i -e 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' -e 's/#Port 22/Port 501/' \
	195	-e 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/' ${WORK}/etc/ssh/sshd_config
	196	chroot ${WORK} etckeeper commit "Don't let root login to ssh, and other sshd tweaks." \| grep -v -e "^ create mode " -e "^ rename "
	197
	198
	199	mkdir -p ${WORK}/etc/network/interfaces.d
	200	cp /etc/network/interfaces ${WORK}/etc/network/interfaces
	201	cp /etc/network/interfaces.d/* ${WORK}/etc/network/interfaces.d
	202	#cat > ${WORK}/etc/network/interfaces <<- zzzEOFzzz
	203	# auto lo
	204	# iface lo inet loopback
	205	# allow-hotplug eth0
	206	# auto eth0
	207	# iface eth0 inet dhcp
	208	# allow-hotplug eth1
	209	# auto eth1
	210	# iface eth1 inet dhcp
	211	# allow-hotplug eth2
	212	# auto eth2
	213	# iface eth2 inet dhcp
	214	#zzzEOFzzz
	215	cp /etc/hosts ${WORK}/etc/hosts
	216	cp /etc/hostname ${WORK}/etc/hostname
	217	#cat > ${WORK}/etc/hosts <<- zzzEOFzzz
	218	# 127.0.0.1 localhost
	219	# 127.0.1.1 ${HOST}
	220
	221	# # The following lines are desirable for IPv6 capable hosts.
	222	# ::1 localhost ip6-localhost ip6-loopback ${HOST}
	223	# fe00::0 ip6-localnet
	224	# ff00::0 ip6-mcastprefix
	225	# ff02::1 ip6-allnodes
	226	# ff02::2 ip6-allrouters
	227	# ff02::3 ip6-allhosts
	228	#zzzEOFzzz
	229	# resolvconf changes this, desktop uses dnsmasq, server uses Google DNS, and we override it ourselves later anyway.
	230	#cat > ${WORK}/etc/resolv.conf <<- zzzEOFzzz
	231	# nameserver ${NS}
	232	#zzzEOFzzz
	233	chroot ${WORK} etckeeper commit "Tweak network configs." \| grep -v -e "^ create mode " -e "^ rename "
	234
	235	# Install networking (and btrfs) stuff needed only by desktop.
	236	# Currently the server uses Google DNS directly, not dnsmasq.
	237	if [ "${TYPE}" == "desktop" ]
	238	then
	239	if [ -f /etc/dnsmasq.conf ]; then aptInstall dnsmasq; fi
	240	aptInstall ppp ndisc6 radvd mailfilter fetchmail btrfs-progs
	241	# wide-dhcpv6-client
	242	cp -r /etc/dnsmasq.d ${WORK}/etc
	243	cp /etc/dnsmasq.conf ${WORK}/etc
	244	cp -r /etc/ppp ${WORK}/etc
	245	chroot ${WORK} etckeeper commit "Tweak desktop network configs." \| grep -v -e "^ create mode " -e "^ rename "
	246	fi
	247
	248
	249	# Install other stuff that every one needs.
	250	aptInstall pciutils less man-db manpages mc sudo tmux arj bzip2 p7zip-full unace unar unrar-free sysv-rc-conf multitail logrotate logwatch \
	251	smartmontools rkhunter nmap unhide lm-sensors tofrodos mlocate imagemagick molly-guard file expect debootstrap pinfo parted \
	252	powermgmt-base checksecurity cruft-ng lsb-release wbritish monit gnupg2 gnupg-agent ssh-askpass whois fail2ban whiptail haveged hddtemp
	253	# logcheck tripwire \| integrit \| aide \| samhain \| fcheck debsecan ?
	254
	255
	256	# Install server stuff.
	257	# Don't do drupal7, coz that's a few versions behind, so still have to deal with it manually.
	258	# Plus, I'll want to upgrade to drupal8 sooner or later.
	259	aptInstall certbot courier-imap rsync mariadb-server mariadb-client apache2 polipo prosody-modules vsftpd openvpn easy-rsa bitlbee \
	260	php7.0 php-pear php7.0-mysql php7.0-gd php7.0-mbstring php7.0-curl php7.0-bz2 libgd-tools php-apcu php-apcu-bc
	261	chroot ${WORK} adduser --system --shell /usr/sbin/nologin --no-create-home ovpn
	262	chroot ${WORK} groupadd ovpn
	263	chroot ${WORK} usermod -g ovpn ovpn
	264	#aptInstall phpmyadmin
	265	#cp -r /etc/bitlbee ${WORK}/etc
	266	#cp -r /var/lib/bitlbee ${WORK}/var/lib
	267	#chroot ${WORK} etckeeper commit "Tweak server configs." \| grep -v -e "^ create mode " -e "^ rename "
	268
	269
	270	# Install developer stuff.
	271	aptInstall luajit luarocks uuid-runtime g++ check bison flex colorgcc colormake ccache distcc gdb pkg-config re2c lemon valgrind m4 patch \
	272	cmake meson build-essential groff git-extras git-doc
	273	aptInstall mono-complete mono-mcs nunit autoconf autogen automake autopoint gettext libtool doxygen nasm gpsim gputils picprog
	274
	275
	276	if [ "${TYPE}" == "desktop" ]
	277	then
	278	# Add repos for the desktop.
	279	cat > ${WORK}/etc/apt/sources.list.d/deb-multimedia.list <<- zzzEOFzzz
	280	deb http://mirror.internode.on.net/pub/deb-multimedia/ stretch main non-free
	281	deb http://mirror.internode.on.net/pub/deb-multimedia/ stretch-backports main
	282	zzzEOFzzz
	283	cat > ${WORK}/etc/apt/sources.list.d/google-chrome.list <<- zzzEOFzzz
	284	deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main
	285	zzzEOFzzz
	286	cat > ${WORK}/etc/apt/sources.list.d/palemoon.list <<- zzzEOFzzz
	287	deb http://download.opensuse.org/repositories/home:/stevenpusser/Debian_9.0/ /
	288	zzzEOFzzz
	289	cat > ${WORK}/etc/apt/sources.list.d/signal.list <<- zzzEOFzzz
	290	deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main
	291	zzzEOFzzz
	292	chroot ${WORK} /bin/bash <<- zzzEOFzzz
	293	wget http://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/deb-multimedia-keyring_2016.8.1_all.deb -O deb-multimedia-keyring.deb
	294	dpkg -i deb-multimedia-keyring.deb
	295	wget -nv -O - https://dl-ssl.google.com/linux/linux_signing_key.pub \| apt-key add -
	296	wget -nv -O - https://download.opensuse.org/repositories/home:stevenpusser/Debian_9.0/Release.key \| apt-key add -
	297	wget -nv -O - https://updates.signal.org/desktop/apt/keys.asc \| apt-key add -
	298	rm deb-multimedia-keyring.deb
	299	etckeeper commit "Adding external repos." \| grep -v -e "^ create mode " -e "^ rename "
	300	apt-get update
	301	apt-get --yes dist-upgrade \| grep -v -e "^Selecting previously unselected package " -e "^Preparing to unpack " -e "^ create mode " -e "^ rename "
	302	zzzEOFzzz
	303
	304
	305	# Install basic X stuff.
	306	aptInstall xinit x11-xserver-utils xserver-xorg libgl1-nvidia-glx nvidia-driver fonts-liberation xfonts-100dpi xfonts-75dpi xfonts-base xfonts-scalable xscreensaver
	307	# Note - the wacom driver should be installed below, rather than above, otherwise I think that's what's stopping all input.
	308	aptInstall lxdm lxde lxlauncher lxtask lxlock openbox obconf gtk2-engines-xfce menu xdg-utils menu-xdg desktop-base desktop-file-utils \
	309	termit synaptic qgit git-cola suckless-tools stterm surf surf2 awesome awesome-extra lxqt qt4-qtconfig xserver-xorg-input-wacom
	310	# Have LXDM show the keyboard selector, not show the list of users, and not show that huge Login: image.
	311	sed -i -e 's/keyboard=0/keyboard=1/' -e 's/disable=0/disable=1/' \
	312	-e 's\bg=/usr/share/images/desktop-base/login-background.svg\bg=/usr/share/images/desktop-base/your-way_darkpurpy-wide-large.svg\' ${WORK}/etc/lxdm/lxdm.conf
	313	cp -r fileSystem/usr/share/lxdm/themes/Industrial/login.png ${WORK}/usr/share/lxdm/themes/Industrial
	314	chroot ${WORK} etckeeper commit "Adjust lxdm config." \| grep -v -e "^ create mode " -e "^ rename "
	315
	316
	317	# Install other desktop stuff.
	318	# NOTE - this drags in whiptail, or would if we didn't install it ourselves above.
	319	aptInstall gparted qasmixer pulseaudio pavucontrol paman paprefs pavumeter gnome-colors geeqie smplayer smplayer-themes hexchat hexchat-plugins hexchat-otr hexchat-lua \
	320	geany geany-plugin-addons geany-plugin-lua geany-plugin-markdown geany-plugin-scope geany-plugin-spellcheck
	321	aptInstall claws-mail claws-mail-plugins claws-mail-extra-plugins claws-mail-themes claws-mail-tools clawsker keepassx keepass2 qalculate-gtk conky-all
	322	aptInstall gimp gimp-cbmplugs gimp-data-extras gimp-dds gimp-gap gimp-gluas gimp-gmic gimp-help-common gimp-help-en gimp-lensfun gimp-plugin-registry gimp-texturize gimp-ufraw \
	323	create-resources blender meld graphicsmagick makehuman dia dia-shapes inkscape muse musescore firefox-esr chromium dillo netsurf links2 ddd wireshark etherape spacenavd \
	324	dasher cheese libreoffice linphone tortoisehg evince galternatives
	325	aptInstall libvirt0 libvirt-deamon-system virt-manager virt-viewer virtinst qemu-utils qemu-kvm qemu-system-arm qemu-system-x86 qemu-system-misc qemu-efi fslint
	326	# These all get updated from deb-multimedia, so don't install them before that's enabled.
	327	aptInstall gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-plugins-ugly vlc ffmpeg cinelerra
	328	aptInstall google-chrome-stable palemoon signal-desktop
	329	fi
	330
	331	# monitoring shit docs
	332	# awstats collectd collectd-utils libmariadbclient18 libatasmart4
	333	# icinga icinga-doc fping nagios-images monitoring-plugins libjson-perl libdata-validate-domain-perl libdata-validate-ip-perl libmonitoring-plugin-perl
	334	# Some hacking of the external plugins is needed. mailq, rbl.
	335	# Manually install CGraphz, coz it's not in the repo.
	336
	337
	338	# Make apt nicer.
	339	aptInstall apt-listbugs apt-listchanges apt-transport-https apt-show-versions apt-file apt-forktracer
	340	chroot ${WORK} apt-file update
	341
	342
	343	cp -r fileSystem/* ${WORK}
	344	#cp -r /etc/rsyslog.d ${WORK}/etc
	345	#cp -r /etc/sysctl.d ${WORK}/etc
	346	#cp /etc/sysctl.conf ${WORK}/etc
	347	#chroot ${WORK} chown -R ${USER}:${USER} /home/${USER}
	348	#cp /usr/share/sounds/* ${WORK}/usr/share/sounds
	349	#chroot ${WORK} etckeeper commit "Tweak the rest of the configs and file system." \| grep -v -e "^ create mode " -e "^ rename "
	350
	351
	352	#chroot ${WORK} sensors-detect
	353	#chroot ${WORK} etckeeper commit "Detected sensors" \| grep -v -e "^ create mode " -e "^ rename "
	354
	355
	356	# Clean up.
	357
	358	chroot ${WORK} /bin/bash <<- zzzEOFzzz
	359	sysv-rc-conf apache2 off
	360	sysv-rc-conf avahi-daemon off
	361	sysv-rc-conf bitlbee off
	362	sysv-rc-conf courier off
	363	sysv-rc-conf courier-authdaemon off
	364	sysv-rc-conf courier-imap off
	365	sysv-rc-conf courier-imap-ssl off
	366	sysv-rc-conf courier-msa off
	367	sysv-rc-conf courier-mta off
	368	sysv-rc-conf courier-mta-ssl off
	369	sysv-rc-conf courierfilter off
	370	sysv-rc-conf distcc off
	371	sysv-rc-conf fail2ban off
	372	sysv-rc-conf fetchmail off
	373	sysv-rc-conf monit off
	374	sysv-rc-conf mysql off
	375	sysv-rc-conf openvpn off
	376	sysv-rc-conf polipo off
	377	sysv-rc-conf prosody off
	378	sysv-rc-conf radvd off
	379	sysv-rc-conf rsync off
	380	sysv-rc-conf spamassassin off
	381	sysv-rc-conf vsftpd off
	382	etckeeper commit "Turn off services." \| grep -v -e "^ create mode " -e "^ rename "
	383	zzzEOFzzz
	384
	385	chroot ${WORK} apt-get --yes autoremove
	386	chroot ${WORK} etckeeper commit "Cleaning out autoremoves." \| grep -v -e "^ create mode " -e "^ rename "
	387	umount ${WORK}/dev/pts
	388	umount ${WORK}/proc
	389	umount ${WORK}/sys
	390	umount ${WORK}/var/cache/apt/archives
	391
	392	#update-grub