# AnonOS
#------------------------------------------------------------------
# Check out the full project at http://typewith.me/AnonOS
#
# Filename: base.ks
#
# This is the base kickstart file for all AnonOS builds. It will not make a
# functional LiveCD by itself. However, packages and scripts put here will be
# included in all builds, although they can be removed as needed.
#
# Most of the work here is credited to the Fedora Developers who created the
# original liveCD kickstarts.
#-------------------------------------------------------------------------
# Developers:
#------------------------------------------------------------------------
# Sephiroth - Compiled this kickstart. I'm not at all knowledgeable with
#             programming or scripting, so you're going to have to help me
#             here. Scripts are needed to rebrand this system from Fedora,
#             add I2p and bitcoin, install Firefox add-ons, and other
#             awesome stuff.
#
#-------------------------------------------------------------------------
# General Settings
#-------------------------------------------------------------------------
# Localization
# You could override these settings to add localization suites for specific
# countries. Just import this base, and add the required packages.
# Here's an example for German:
# http://typewith.me/german-localization http://preview.tinyurl.com/4wf3ml7
#
lang en_US.UTF-8
keyboard us
timezone US/Eastern
# auth: --enablemd5 selects MD5-crypt password hashes; authconfig's
# --passalgo=sha512 is the stronger choice.
auth --useshadow --enablemd5
selinux --enforcing
firewall --enabled --service=mdns
xconfig --startxonboot
part / --size 3072 --fstype ext4
services --enabled=NetworkManager --disabled=network,sshd

#-------------------------------------------------------------------------
# Package Repositories
#-------------------------------------------------------------------------
# We need to make our own repos for our own RPM packages. If you have a
# server, please help us!

# Fedora repos.
#repo --name=rawhide --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch
repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-14&arch=$basearch
repo --name=updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f14&arch=$basearch
#repo --name=updates-testing --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-f14&arch=$basearch

#RPMFusion. It gives you more apps.
repo --name=rpmfusion-free --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-14&arch=i386
repo --name=rpmfusion-free-updates --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-14&arch=i386
repo --name=rpmfusion-nonfree --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-14&arch=i386
repo --name=rpmfusion-nonfree-updates --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-updates-released-14&arch=i386

#Adobe flash repos. Look, Gnash sucks.
#We may want flashblock on firefox... although, a linux script needs to be made to do it.
repo --name=adobe-linux-i386 --baseurl=http://linuxdownload.adobe.com/linux/i386/

#Tor repos.
repo --name=tor --baseurl=http://deb.torproject.org/torproject.org/rpm/fc14/

#-------------------------------------------------------------------------
# Base Packages.
#-------------------------------------------------------------------------
%packages
@base-x
@base
@core
#@fonts        # better to get only what's needed than include all of them
@input-methods
# use a small pinyin db for live
-ibus-pinyin-db-open-phrase
ibus-pinyin-db-android
@admin-tools
@dial-up
@hardware-support
@printing

# Explicitly specified here:
# walters: because otherwise dependency loops cause yum issues.
kernel

# This was added a while ago, I think it falls into the category of
# "Diagnosis/recovery tool useful from a Live OS image". Leaving this
# untouched for now.
memtest86+

# The point of a live image is to install
anaconda
isomd5sum

#----------------------------
# Fonts. If localizing, remember to add your own fonts if "Droid Sans"
# doesn't support that language. (Like, Hindi or Tibetan...)
#----------------------------
liberation-mono-fonts
liberation-sans-fonts
liberation-serif-fonts
google-droid-sans-fonts       # Droid Sans is the best.
google-droid-sans-mono-fonts
google-droid-serif-fonts
dejavu-sans-fonts
dejavu-sans-mono-fonts
dejavu-serif-fonts

#-------------------------------------------------------------------------
# Standard packages for all Kickstarts. You can edit this.
#-------------------------------------------------------------------------

# Security
macchanger     # FIXME: In order for macchanger to
               #-work, we need to set it to start on
               #-each boot. I have no idea how to do that.
wipe
#realcrypt     # Sadly, screw realcrypt. The GUI
               #-doesn't work, and truecrypt files
               #-can't be mounted if they weren't made
               #-using realcrypt. Stay away.
# Actually, mounting will work if you do this: http://fedoraforum.org/leigh123linux/badday_Screenshot.png
#We need to install actual Truecrypt somehow, like through a script.
steghide       # Steghide allows you to encrypt info
SteGUI         # -in a picture or a wav.
# Internet Security
tor            # FIXME: for vidalia to work, the Tor
privoxy        # -and Privoxy Daemons need to be turned off.
vidalia
# Someone help add an I2P RPM here...

# internet browsers
midori         # It runs as fast as Google Chrome, but
               #-with less of the, you know, creepy tracking.
links          # links is a light, intuitive CLI browser.
# I want SRWare Iron here. To do that, we need to install chromium, extract
# the contents of Iron's linux archive to "/usr/lib/", then make a link to it
# in "/usr/bin".

# Other internetz
claws-mail     # I put claws-mail because it is safer than
               # -thunderbird, as it has support for tor.
twinkle        # SIP/VOIP Phone. It was put in polippix,
               #-so it's gotta be good.
aircrack-ng

# IRC
irssi
epic
lostirc

# office
abiword        # Lighter than Libre/OpenOffice.
gnumeric

# audio & video
vlc            # VLC or GXine? You choose. (Default is VLC)
mozilla-vlc
#gxine
#gxine-mozplugin

# system

# Command line
#wget          # Is wget needed? Commented out.
terminator     # MOAR TERMINALZ, MOAR FUN.

# Metadata wipers, to remove identifying info from created data.
jhead
#FIXME: We need one for PDF.

%end

#-------------------------------------------------------------------------
# Scripts to run after install
#-------------------------------------------------------------------------
# Most of the below relate to making a livecd, so there probably isn't any
# need to edit this. Still, read them for a good example.
#
%post
# This creates a script in /etc/rc.d/init.d/ to implement liveCD hacks.
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.

. /etc/init.d/functions

if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ]; then
    exit 0
fi

if [ -e /.liveimg-configured ] ; then
    configdone=1
fi

exists() {
    which \$1 >/dev/null 2>&1 || return
    \$*
}

touch /.liveimg-configured

# mount live image
if [ -b \`readlink -f /dev/live\` ]; then
   mkdir -p /mnt/live
   mount -o ro /dev/live /mnt/live 2>/dev/null || mount /dev/live /mnt/live
fi

livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
  if [ "\${arg##live_dir=}" != "\${arg}" ]; then
    livedir=\${arg##live_dir=}
    break
  fi
done

# enable swaps unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
  for s in \$swaps ; do
    action "Enabling swap partition \$s" swapon \$s
  done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /mnt/live/\${livedir}/swap.img ] ; then
  action "Enabling swap file" swapon /mnt/live/\${livedir}/swap.img
fi

mountPersistentHome() {
  # support label/uuid
  if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
    homedev=\`/sbin/blkid -o device -t "\$homedev"\`
  fi

  # if we're given a file rather than a blockdev, loopback it
  if [ "\${homedev##mtd}" != "\${homedev}" ]; then
    # mtd devs don't have a block device but get magic-mounted with -t jffs2
    mountopts="-t jffs2"
  elif [ ! -b "\$homedev" ]; then
    loopdev=\`losetup -f\`
    if [ "\${homedev##/mnt/live}" != "\${homedev}" ]; then
      action "Remounting live store r/w" mount -o remount,rw /mnt/live
    fi
    losetup \$loopdev \$homedev
    homedev=\$loopdev
  fi

  # if it's encrypted, we need to unlock it
  if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
    echo
    echo "Setting up encrypted /home device"
    plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
    homedev=/dev/mapper/EncHome
  fi

  # and finally do the mount
  mount \$mountopts \$homedev /home
  # if we have /home under what's passed for persistent home, then
  # we should make that the real /home. useful for mtd device on olpc
  if [ -d /home/home ]; then mount --bind /home/home /home ; fi
  [ -x /sbin/restorecon ] && /sbin/restorecon /home
  if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}

findPersistentHome() {
  for arg in \`cat /proc/cmdline\` ; do
    if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
      homedev=\${arg##persistenthome=}
      return
    fi
  done
}

if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
  findPersistentHome
elif [ -e /mnt/live/\${livedir}/home.img ]; then
  homedev=/mnt/live/\${livedir}/home.img
fi

# if we have a persistent /home, then we want to go ahead and mount it
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
  action "Mounting persistent /home" mountPersistentHome
fi

# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
mount -t tmpfs -o mode=0755 varcacheyum /var/cache/yum
mount -t tmpfs tmp /tmp
mount -t tmpfs vartmp /var/tmp
[ -x /sbin/restorecon ] && /sbin/restorecon /var/cache/yum /tmp /var/tmp >/dev/null 2>&1

if [ -n "\$configdone" ]; then
  exit 0
fi

# add fedora user with no passwd
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null

# turn off firstboot for livecd boots
chkconfig --level 345 firstboot off 2>/dev/null
# We made firstboot a native systemd service, so it can no longer be turned
# off with chkconfig. It should be possible to turn it off with systemctl, but
# that doesn't work right either. For now, this is good enough: the firstboot
# service will start up, but this tells it not to run firstboot. I suspect the
# other services 'disabled' below are not actually getting disabled properly,
# with systemd, but we can look into that later. - AdamW 2010/08 F14Alpha
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot

# don't start yum-updatesd for livecd boots
chkconfig --level 345 yum-updatesd off 2>/dev/null

# turn off mdmonitor by default
chkconfig --level 345 mdmonitor off 2>/dev/null

# turn off setroubleshoot on the live image to preserve resources
chkconfig --level 345 setroubleshoot off 2>/dev/null

# don't do packagekit checking by default
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_updates never >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_upgrades never >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_refresh_cache never >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_available false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_distro_upgrades false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_firmware false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_hardware false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_codec_helper false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_font_helper false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_mime_type_helper false >/dev/null

# don't start cron/at as they tend to spawn things which are
# disk intensive that are painful on a live image
chkconfig --level 345 crond off 2>/dev/null
chkconfig --level 345 atd off 2>/dev/null
chkconfig --level 345 anacron off 2>/dev/null
chkconfig --level 345 readahead_early off 2>/dev/null
chkconfig --level 345 readahead_later off 2>/dev/null

# Stopgap fix for RH #217966; should be fixed in HAL instead
touch /media/.hal-mtab

# workaround clock syncing on shutdown that we don't want (#297421)
sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt

# and hack so that we eject the cd on shutdown if we're using a CD...
if strstr "\`cat /proc/cmdline\`" CDLABEL= ; then
  cat >> /sbin/halt.local << FOE
#!/bin/bash
# XXX: This often gets stuck during shutdown because /etc/init.d/halt
#      (or something else still running) wants to read files from the block\
#      device that was ejected. Disable for now. Bug #531924
# we want to eject the cd on halt, but let's also try to avoid
# io errors due to not being able to get files...
#cat /sbin/halt > /dev/null
#cat /sbin/reboot > /dev/null
#/usr/sbin/eject -p -m \$(readlink -f /dev/live) >/dev/null 2>&1
#echo "Please remove the CD from your drive and press Enter to finish restarting"
#read -t 30 < /dev/console
FOE
chmod +x /sbin/halt.local
fi

EOF

# bah, hal starts way too late
# This script runs after the above one
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.

. /etc/init.d/functions

if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
    exit 0
fi

exists() {
    which \$1 >/dev/null 2>&1 || return
    \$*
}

touch /.liveimg-late-configured

# read some variables out of /proc/cmdline
for o in \`cat /proc/cmdline\` ; do
    case \$o in
    ks=*)
        ks="--kickstart=\${o#ks=}"
        ;;
    xdriver=*)
        xdriver="\${o#xdriver=}"
        ;;
    esac
done

# if liveinst or textinst is given, start anaconda
if strstr "\`cat /proc/cmdline\`" liveinst ; then
   plymouth --quit
   /usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
   plymouth --quit
   /usr/sbin/liveinst --text \$ks
fi

# configure X, allowing user to override xdriver
if [ -n "\$xdriver" ]; then
   cat > /etc/X11/xorg.conf.d/00-xdriver.conf <