# d8888 .d88888b. .d8888b.
# d88888 d88P" "Y88b d88P Y88b
# d88P888 888 888 Y88b.
# d88P 888 88888b. .d88b. 88888b. 888 888 "Y888b.
# d88P 888 888 "88b d88""88b 888 "88b 888 888 "Y88b.
# d88P 888 888 888 888 888 888 888 888 888 "888
# d8888888888 888 888 Y88..88P 888 888 Y88b. .d88P Y88b d88P
# d88P 888 888 888 "Y88P" 888 888 "Y88888P" "Y8888P"
#------------------------------------------------------------------
# Check out the full project at http://typewith.me/AnonOS
#
# Filename: base.ks
#
# This is the base kickstart file for all AnonOS builds. It will not make a functional LiveCD by itself. However, packages and scripts put here will be included in all builds, although they can be removed as needed.
#
# Most of the work here is credited to the Fedora Developers who created the original liveCD kickstarts.
#-------------------------------------------------------------------------
# Developers:
#------------------------------------------------------------------------
# Sephiroth - Compiled this kickstart. I'm not at all knowledgeable with programming or scripting, so you're going to have to help me here. Scripts are needed to rebrand this system from Fedora, add I2p and bitcoin, install Firefox add-ons, and other awesome stuff.
#
#-------------------------------------------------------------------------
# General Settings
#-------------------------------------------------------------------------
# Localization
# You could override these settings to add localization suites for specific countries. Just import this base, and add the required packages. Here's an example for German: http://typewith.me/german-localization http://preview.tinyurl.com/4wf3ml7
#
lang en_US.UTF-8
keyboard us
timezone US/Eastern
auth --useshadow --enablemd5
selinux --enforcing
firewall --enabled --service=mdns
xconfig --startxonboot
part / --size 3072 --fstype ext4
services --enabled=NetworkManager --disabled=network,sshd
#-------------------------------------------------------------------------
# Package Repositories
#-------------------------------------------------------------------------
# We need to make our own repos for our own RPM packages. If you have a server, please help us!
# Fedora repos.
#repo --name=rawhide --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch
repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-14&arch=$basearch
repo --name=updates --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f14&arch=$basearch
#repo --name=updates-testing --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-f14&arch=$basearch
#RPMFusion. It gives you more apps.
repo --name=rpmfusion-free --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-14&arch=i386
repo --name=rpmfusion-free-updates --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-14&arch=i386
repo --name=rpmfusion-nonfree --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-14&arch=i386
repo --name=rpmfusion-nonfree-updates --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-updates-released-14&arch=i386
#Adobe flash repos. Look, Gnash sucks.
#We may want flashblock on firefox... although, a linux script needs to be made to do it.
repo --name=adobe-linux-i386 --baseurl=http://linuxdownload.adobe.com/linux/i386/
#Tor repos.
repo --name=tor --baseurl=http://deb.torproject.org/torproject.org/rpm/fc14/
#-------------------------------------------------------------------------
# Base Packages.
#-------------------------------------------------------------------------
%packages
@base-x
@base
@core
#@fonts # better to get only what's needed than include all of them
@input-methods
# use a small pinyin db for live
-ibus-pinyin-db-open-phrase
ibus-pinyin-db-android
@admin-tools
@dial-up
@hardware-support
@printing
# Explicitly specified here:
# <notting> walters: because otherwise dependency loops cause yum issues.
kernel
# This was added a while ago, I think it falls into the category of "Diagnosis/recovery tool useful from a Live OS image". Leaving this untouched for now.
memtest86+
# The point of a live image is to install
anaconda
isomd5sum
#----------------------------
# Fonts. If localizing, remember to add your own fonts if "Droid Sans" doesn't support that language. (Like, Hindi or Tibetian...)
#----------------------------
liberation-mono-fonts
liberation-sans-fonts
liberation-serif-fonts
google-droid-sans-fonts # Droid Sans is the best.
google-droid-sans-mono-fonts
google-droid-serif-fonts
dejavu-sans-fonts
dejavu-sans-mono-fonts
dejavu-serif-fonts
#-------------------------------------------------------------------------
# Standard packages for all Kickstarts. You can edit this.
#-------------------------------------------------------------------------
# Security
macchanger # FIXME: In order for macchanger to
#-work, we need to set it to start on
#-each boot. I have no idea how to do that.
wipe
#realcrypt # Sadly, screw realcrypt. The GUI
#-doesn't work, and truecrypt files
#-can't be mounted if they weren't made
#-using realcrypt. Stay away.
# Actually, mounting will work if you do this: http://fedoraforum.org/leigh123linux/badday_Screenshot.png
#We need to install actual Truecrypt somehow, like through a script.
steghide # Steghide allows you to encrypt info
SteGUI # -in a picture or a wav.
# Internet Security
tor # FIXME: for vidalia to work, the Tor
privoxy # -and Privoxy Daemons need to be turned off.
vidalia
# Someone help add an I2P RPM here...
# internet browsers
midori # It's runs as fast as Google Chrome, but #-with less of the, you know, creepy tracking.
links # links is a light, initutive CLI browser.
# I want SRWare Iron here, To do that, we need to install chromium, extract the contents of Iron's linux archive to "/usr/lib/", then make a link to it in "/usr/bin".
# Other internetz
claws-mail # I put claws-mail because it is safer than
# -thunderbird, as it has support for tor.
twinkle # SIP/VOIP Phone. It was put in polippix,
#-so it's gotta be good.
aircrack-ng
# IRC
irssi
epic
lostirc
# office
abiword # Lighter than Libre/OpenOffice.
gnumeric
# audio & video
vlc # VLC or GXine? You choose. (Default is VLC)
mozilla-vlc
#gxine
#gxine-mozplugin
# system
# Command line
#wget # Is wget needed? Commented out.
terminator # MOAR TERMINALZ, MOAR FUN.
# Metadata wipers, to remove identifying info from created data.
jhead #FIXME: We need one for PDF.
%end
#-------------------------------------------------------------------------
# Scripts to run after install
#-------------------------------------------------------------------------
# Most of the below relate to making a livecd, so there probably isn't any need to edit this. Still, read them for a good example.
#
%post
# This creates a script in /etc/rc.d/init.d/ to implement liveCD hacks.
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ]; then
exit 0
fi
if [ -e /.liveimg-configured ] ; then
configdone=1
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-configured
# mount live image
if [ -b \`readlink -f /dev/live\` ]; then
mkdir -p /mnt/live
mount -o ro /dev/live /mnt/live 2>/dev/null || mount /dev/live /mnt/live
fi
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
livedir=\${arg##live_dir=}
return
fi
done
# enable swaps unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
for s in \$swaps ; do
action "Enabling swap partition \$s" swapon \$s
done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /mnt/live/\${livedir}/swap.img ] ; then
action "Enabling swap file" swapon /mnt/live/\${livedir}/swap.img
fi
mountPersistentHome() {
# support label/uuid
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
fi
# if we're given a file rather than a blockdev, loopback it
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
# mtd devs don't have a block device but get magic-mounted with -t jffs2
mountopts="-t jffs2"
elif [ ! -b "\$homedev" ]; then
loopdev=\`losetup -f\`
if [ "\${homedev##/mnt/live}" != "\${homedev}" ]; then
action "Remounting live store r/w" mount -o remount,rw /mnt/live
fi
losetup \$loopdev \$homedev
homedev=\$loopdev
fi
# if it's encrypted, we need to unlock it
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
echo
echo "Setting up encrypted /home device"
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
homedev=/dev/mapper/EncHome
fi
# and finally do the mount
mount \$mountopts \$homedev /home
# if we have /home under what's passed for persistent home, then
# we should make that the real /home. useful for mtd device on olpc
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
[ -x /sbin/restorecon ] && /sbin/restorecon /home
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}
findPersistentHome() {
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
homedev=\${arg##persistenthome=}
return
fi
done
}
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
findPersistentHome
elif [ -e /mnt/live/\${livedir}/home.img ]; then
homedev=/mnt/live/\${livedir}/home.img
fi
# if we have a persistent /home, then we want to go ahead and mount it
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
action "Mounting persistent /home" mountPersistentHome
fi
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
mount -t tmpfs -o mode=0755 varcacheyum /var/cache/yum
mount -t tmpfs tmp /tmp
mount -t tmpfs vartmp /var/tmp
[ -x /sbin/restorecon ] && /sbin/restorecon /var/cache/yum /tmp /var/tmp >/dev/null 2>&1
if [ -n "\$configdone" ]; then
exit 0
fi
# add fedora user with no passwd
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null
# turn off firstboot for livecd boots
chkconfig --level 345 firstboot off 2>/dev/null
# We made firstboot a native systemd service, so it can no longer be turned
# off with chkconfig. It should be possible to turn it off with systemctl, but
# that doesn't work right either. For now, this is good enough: the firstboot
# service will start up, but this tells it not to run firstboot. I suspect the
# other services 'disabled' below are not actually getting disabled properly,
# with systemd, but we can look into that later. - AdamW 2010/08 F14Alpha
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# don't start yum-updatesd for livecd boots
chkconfig --level 345 yum-updatesd off 2>/dev/null
# turn off mdmonitor by default
chkconfig --level 345 mdmonitor off 2>/dev/null
# turn off setroubleshoot on the live image to preserve resources
chkconfig --level 345 setroubleshoot off 2>/dev/null
# don't do packagekit checking by default
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_updates never >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_upgrades never >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_refresh_cache never >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_available false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_distro_upgrades false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_firmware false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_hardware false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_codec_helper false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_font_helper false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_mime_type_helper false >/dev/null
# don't start cron/at as they tend to spawn things which are
# disk intensive that are painful on a live image
chkconfig --level 345 crond off 2>/dev/null
chkconfig --level 345 atd off 2>/dev/null
chkconfig --level 345 anacron off 2>/dev/null
chkconfig --level 345 readahead_early off 2>/dev/null
chkconfig --level 345 readahead_later off 2>/dev/null
# Stopgap fix for RH #217966; should be fixed in HAL instead
touch /media/.hal-mtab
# workaround clock syncing on shutdown that we don't want (#297421)
sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt
# and hack so that we eject the cd on shutdown if we're using a CD...
if strstr "\`cat /proc/cmdline\`" CDLABEL= ; then
cat >> /sbin/halt.local << FOE
#!/bin/bash
# XXX: This often gets stuck during shutdown because /etc/init.d/halt
# (or something else still running) wants to read files from the block\
# device that was ejected. Disable for now. Bug #531924
# we want to eject the cd on halt, but let's also try to avoid
# io errors due to not being able to get files...
#cat /sbin/halt > /dev/null
#cat /sbin/reboot > /dev/null
#/usr/sbin/eject -p -m \$(readlink -f /dev/live) >/dev/null 2>&1
#echo "Please remove the CD from your drive and press Enter to finish restarting"
#read -t 30 < /dev/console
FOE
chmod +x /sbin/halt.local
fi
EOF
# bah, hal starts way too late
# This script runs after the above one
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
exit 0
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-late-configured
# read some variables out of /proc/cmdline
for o in \`cat /proc/cmdline\` ; do
case \$o in
ks=*)
ks="--kickstart=\${o#ks=}"
;;
xdriver=*)
xdriver="\${o#xdriver=}"
;;
esac
done
# if liveinst or textinst is given, start anaconda
if strstr "\`cat /proc/cmdline\`" liveinst ; then
plymouth --quit
/usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
plymouth --quit
/usr/sbin/liveinst --text \$ks
fi
# configure X, allowing user to override xdriver
if [ -n "\$xdriver" ]; then
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
Section "Device"
Identifier "Videocard0"
Driver "\$xdriver"
EndSection
FOE
fi
EOF
# The below makes the created scripts usable
chmod 755 /etc/rc.d/init.d/livesys
/sbin/restorecon /etc/rc.d/init.d/livesys
/sbin/chkconfig --add livesys
chmod 755 /etc/rc.d/init.d/livesys-late
/sbin/restorecon /etc/rc.d/init.d/livesys-late
/sbin/chkconfig --add livesys-late
# work around for poor key import UI in PackageKit
rm -f /var/lib/rpm/__db*
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
echo "Packages within this LiveCD"
rpm -qa
# go ahead and pre-make the man -k cache (#455968)
/usr/bin/mandb
# save a little bit of space at least...
rm -f /boot/initramfs*
# make sure there aren't core files lying around
rm -f /core*
# convince readahead not to collect
rm -f /.readahead_collect
touch /var/lib/readahead/early.sorted
%end
%post --nochroot
# This copies the GPL to /usr/share/doc of the LiveCD's directory.
cp $INSTALL_ROOT/usr/share/doc/*-release-*/GPL $LIVE_ROOT/GPL
# only works on x86, x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
fi
%end