forked from telekom-security/tpotce
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmakeiso.sh
executable file
Β·310 lines (286 loc) Β· 10.3 KB
/
makeiso.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
#!/bin/bash
# Set TERM, DIALOGRC
export TERM=linux
# Let's define some global vars
myBACKTITLE="T-Pot - ISO Creator"
### DEV
myTPOTDIR="tpotiso"
myTPOTSEED="iso/preseed/tpot.seed"
myPACKAGES="dialog genisoimage pv rsync syslinux syslinux-utils udisks2 wget xorriso"
myPFXFILE="iso/installer/keys/8021x.pfx"
myINSTALLERPATH="iso/installer/install.sh"
myNTPCONFFILE="iso/installer/timesyncd.conf"
myTMP="tmp"
myCONF_FILE="iso/installer/iso.conf"
myCONF_DEFAULT_FILE="iso/installer/iso.conf.dist"
# Got root?
myWHOAMI=$(whoami)
if [ "$myWHOAMI" != "root" ]
then
echo "Need to run as root ..."
sudo ./$0
exit
fi
# Let's check if all dependencies are met
myINST=""
for myDEPS in $myPACKAGES;
do
myOK=$(dpkg -s $myDEPS | grep ok | awk '{ print $3 }');
if [ "$myOK" != "ok" ]
then
myINST=$(echo $myINST $myDEPS)
fi
done
if [ "$myINST" != "" ]
then
apt-get update -y
for myDEPS in $myINST;
do
apt-get install $myDEPS -y
done
fi
# Let's clean up at the end or if something goes wrong ...
function fuCLEANUP {
rm -rf $myTMP $myTPOTDIR $myPFXFILE $myNTPCONFFILE $myCONF_FILE
if [ -f $myTPOTSEED.bak ];
then
mv $myTPOTSEED.bak $myTPOTSEED
fi
}
trap fuCLEANUP EXIT
# Let's create a function for validating an IPv4 address
function valid_ip()
{
local ip=$1
local stat=1
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
OIFS=$IFS
IFS='.'
ip=($ip)
IFS=$OIFS
[[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
&& ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
stat=$?
fi
return $stat
}
# Let's ask for the architecture and set VARs accordingly...
myARCH=$(dialog --backtitle "$myBACKTITLE" --title "[ Architecture ]" --menu "Please choose." 9 60 2 "amd64" "For x64 AMD / Intel CPUs" "arm64" "For Apple Silicon, 64 Bit ARM based CPUs" 3>&1 1>&2 2>&3 3>&-)
if [ "$myARCH" == "" ];
then
exit
fi
myMINIISOLINK="http://ftp.debian.org/debian/dists/bullseye/main/installer-$myARCH/current/images/netboot/mini.iso"
myMINIISO="mini_$myARCH.iso"
myTPOTISO="tpot_$myARCH.iso"
# Let's load the default config file
if [ -f $myCONF_DEFAULT_FILE ];
then
source $myCONF_DEFAULT_FILE
fi
# Let's ask the user for a proxy ...
while true;
do
dialog --backtitle "$myBACKTITLE" --title "[ Proxy Settings ]" --yesno "\nDo you want to configure a proxy?" 7 50
myCONF_PROXY_USE=$?
if [ "$myCONF_PROXY_USE" = "0" ]
then
myIPRESULT="false"
while [ "$myIPRESULT" = "false" ];
do
myCONF_PROXY_IP=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "Proxy IP?" --inputbox "" 7 50 "$myCONF_PROXY_IP" 3>&1 1>&2 2>&3 3>&-)
if valid_ip $myCONF_PROXY_IP; then myIPRESULT="true"; fi
done
myPORTRESULT="false"
while [ "$myPORTRESULT" = "false" ];
do
myCONF_PROXY_PORT=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "Proxy Port (i.e. 3128)?" --inputbox "" 7 50 "$myCONF_PROXY_PORT" 3>&1 1>&2 2>&3 3>&-)
if [[ $myCONF_PROXY_PORT =~ ^-?[0-9]+$ ]] && [ $myCONF_PROXY_PORT -gt 0 ] && [ $myCONF_PROXY_PORT -lt 65536 ]; then myPORTRESULT="true"; fi
done
sed -i.bak 's#d-i mirror/http/proxy.*#d-i mirror/http/proxy string http://'$myCONF_PROXY_IP':'$myCONF_PROXY_PORT'/#' $myTPOTSEED
break
else
myCONF_PROXY_IP=""
myCONF_PROXY_PORT=""
break
fi
done
# Let's ask the user for 802.1x data ...
while true;
do
dialog --backtitle "$myBACKTITLE" --title "[ Need 802.1x auth? ]" --yesno "\nDo you want to add a 802.1x host certificate?" 7 50
myCONF_PFX_USE=$?
if [ "$myCONF_PFX_USE" = "0" ]
then
myCONF_PFX_FILE=$(dialog --backtitle "$myBACKTITLE" --fselect "$myCONF_PFX_FILE" 15 50 3>&1 1>&2 2>&3 3>&-)
if [ -f "$myCONF_PFX_FILE" ]
then
cp $myCONF_PFX_FILE $myPFXFILE
dialog --backtitle "$myBACKTITLE" --title "[ Password protected? ]" --yesno "\nDoes the certificate need your password?" 7 50
myCONF_PFX_PW_USE=$?
if [ "$myCONF_PFX_PW_USE" = "0" ]
then
myCONF_PFX_PW=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Password?" 7 50 3>&1 1>&2 2>&3 3>&-)
else
myCONF_PFX_PW=""
fi
myCONF_PFX_HOST_ID=$(dialog --backtitle "$myBACKTITLE" --no-cancel --inputbox "Host ID?" 7 50 "$myCONF_PFX_HOST_ID" 3>&1 1>&2 2>&3 3>&-)
break
else
dialog --backtitle "$myBACKTITLE" --title "[ Try again! ]" --msgbox "\nThis is no regular file." 7 50;
fi
else
myCONF_PFX_FILE=""
myCONF_PFX_HOST_ID=""
myCONF_PFX_PW=""
break
fi
done
# Let's ask the user for a ntp server ...
while true;
do
dialog --backtitle "$myBACKTITLE" --title "[ NTP server? ]" --yesno "\nDo you want to configure a ntp server?" 7 50
myCONF_NTP_USE=$?
if [ "$myCONF_NTP_USE" = "0" ]
then
myIPRESULT="false"
while [ "$myIPRESULT" = "false" ];
do
myCONF_NTP_IP=$(dialog --backtitle "$myBACKTITLE" --no-cancel --title "NTP IP?" --inputbox "" 7 50 "$myCONF_NTP_IP" 3>&1 1>&2 2>&3 3>&-)
if valid_ip $myCONF_NTP_IP; then myIPRESULT="true"; fi
done
tee $myNTPCONFFILE <<EOF
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See timesyncd.conf(5) for details.
[Time]
NTP=$myCONF_NTP_IP
#FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048
EOF
break
else
myCONF_NTP_IP=""
break
fi
done
# Let's write the config file
if [ "$myCONF_PROXY_USE" == "0" ] || [ "$myCONF_PFX_USE" == "0" ] || [ "$myCONF_NTP_USE" == "0" ];
then
echo "# makeiso configuration file" > $myCONF_FILE
echo "myCONF_PROXY_USE=\"$myCONF_PROXY_USE\"" >> $myCONF_FILE
echo "myCONF_PROXY_IP=\"$myCONF_PROXY_IP\"" >> $myCONF_FILE
echo "myCONF_PROXY_PORT=\"$myCONF_PROXY_PORT\"" >> $myCONF_FILE
echo "myCONF_PFX_USE=\"$myCONF_PFX_USE\"" >> $myCONF_FILE
echo "myCONF_PFX_FILE=\"/root/installer/keys/8021x.pfx\"" >> $myCONF_FILE
echo "myCONF_PFX_PW_USE=\"$myCONF_PFX_PW_USE\"" >> $myCONF_FILE
echo "myCONF_PFX_PW=\"$myCONF_PFX_PW\"" >> $myCONF_FILE
echo "myCONF_PFX_HOST_ID=\"$myCONF_PFX_HOST_ID\"" >> $myCONF_FILE
echo "myCONF_NTP_USE=\"$myCONF_NTP_USE\"" >> $myCONF_FILE
echo "myCONF_NTP_IP=\"$myCONF_NTP_IP\"" >> $myCONF_FILE
echo "myCONF_NTP_CONF_FILE=\"/root/installer/timesyncd.conf\"" >> $myCONF_FILE
fi
# Let's download Debian Minimal ISO
if [ ! -f $myMINIISO ]
then
wget $myMINIISOLINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian for $myARCH ]" --gauge "" 5 70;
echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian for $myARCH ... Done! ]" --gauge "" 5 70;
# Need to rename after download or progresss bar does not work.
mv mini.iso $myMINIISO
else
dialog --infobox "Using previously downloaded .iso ..." 3 50;
fi
# Let's extract ISO contents (using / to extract all from ISO root)
xorriso -osirrox on -indev $myMINIISO -extract / $myTPOTDIR
# Let's modify initrd and create a tmp for the initrd filesystem we need to modify
gunzip $myTPOTDIR/initrd.gz
mkdir $myTPOTDIR/tmp
cd $myTPOTDIR/tmp
cpio --extract --make-directories --no-absolute-filenames < ../initrd
cd ..
rm initrd
cd ..
# Let's add the files for the automated install
mkdir -p $myTPOTDIR/tmp/opt/
cp iso/installer -R $myTPOTDIR/tmp/opt/
# Isolinux is only necessary for AMD64
if [ "$myARCH" = "amd64" ];
then
cp iso/isolinux/* $myTPOTDIR/
else
sed -i "s#menuentry 'Install'#menuentry 'Install T-Pot 22.04.0 (ARM64)'#g" $myTPOTDIR/boot/grub/grub.cfg
fi
# For now we need architecture based preseeds
cp iso/preseed/tpot_$myARCH.seed $myTPOTDIR/tmp/preseed.cfg
# Let's create the new initrd
cd $myTPOTDIR/tmp
find . | cpio -H newc --create > ../initrd
cd ..
gzip initrd
rm -rf tmp
cd ..
# Since ARM64 needs EFI we need different methods to build the ISO
cd $myTPOTDIR
if [ "$myARCH" == "amd64" ];
then
# Create AMD64 .iso
xorrisofs -gui -D -r -V "T-Pot $myARCH" \
-cache-inodes -J -l -b isolinux.bin \
-c boot.cat -no-emul-boot -boot-load-size 4 \
-boot-info-table \
-o ../"$myTPOTISO" ../"$myTPOTDIR" 2>&1 | awk '{print $1+0} fflush()' | cut -f1 -d"." | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot $myARCH .iso ... ]" --gauge "" 5 70 0
echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot $myARCH .iso ... Done! ]" --gauge "" 5 70
cd ..
isohybrid $myTPOTISO
else
# Create ARM64 .iso
xorriso -as mkisofs -r -V "T-Pot $myARCH" \
-J -joliet-long -cache-inodes \
-e boot/grub/efi.img \
-no-emul-boot \
-append_partition 2 0xef boot/grub/efi.img \
-partition_cyl_align all \
-o ../"$myTPOTISO" \
../"$myTPOTDIR"
echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot $myARCH .iso ... Done! ]" --gauge "" 5 70
cd ..
fi
sha256sum $myTPOTISO > "tpot_$myARCH.sha256"
# Let's write the image
while true;
do
dialog --backtitle "$myBACKTITLE" --yesno "\nWrite .iso to USB drive?" 7 50
myUSBCOPY=$?
if [ "$myUSBCOPY" = "0" ]
then
myTARGET=$(dialog --backtitle "$myBACKTITLE" --title "[ Select target device ... ]" --menu "" 16 40 10 $(lsblk -io NAME,SIZE -dnp) 3>&1 1>&2 2>&3 3>&-)
if [ "$myTARGET" != "" ]
then
dialog --backtitle "$myBACKTITLE" --yesno "\nWrite .iso to "$myTARGET"?" 7 50
myWRITE=$?
if [ "$myWRITE" = "0" ]
then
umount $myTARGET? 2>&1 || true
(pv -n "$myTPOTISO" | dd of="$myTARGET") 2>&1 | dialog --backtitle "$myBACKTITLE" --title "[ Writing .iso to target ... ]" --gauge "" 5 70 0
echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Writing .iso to target ... Done! ]" --gauge "" 5 70
udisksctl power-off -b $myTARGET 2>&1
break
fi
fi
else
break;
fi
done
dialog --clear
exit 0