Diffstat (limited to 'core')
-rw-r--r-- | core/conf/iptables/ipt-bridge.sh | 14 | ||||
-rw-r--r-- | core/conf/iptables/ipt-conf.sh | 1 | ||||
-rw-r--r-- | core/conf/iptables/ipt-firewall.sh | 2 | ||||
-rw-r--r-- | core/conf/rc.d/iptables | 4 | ||||
-rw-r--r-- | core/conf/skel/.tmux.conf | 2 | ||||
-rw-r--r-- | core/scripts/backup-ports.sh | 104 | ||||
-rw-r--r-- | core/scripts/backup-system.sh | 74 | ||||
-rw-r--r-- | core/scripts/portspage.patch | 27 | ||||
-rw-r--r-- | core/scripts/restore-ports.sh | 53 |
9 files changed, 201 insertions, 80 deletions
diff --git a/core/conf/iptables/ipt-bridge.sh b/core/conf/iptables/ipt-bridge.sh index 6ad26fa..fa987a5 100644 --- a/core/conf/iptables/ipt-bridge.sh +++ b/core/conf/iptables/ipt-bridge.sh @@ -109,9 +109,11 @@ $IPT -A INPUT -i ${WIFI_IF} -p udp --sport 137 --dport 137 -j DROP $IPT -A INPUT -i ${WIFI_IF} -p udp --sport 138 --dport 138 -j DROP $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_icmp +$IPT -A INPUT -i ${BR_IF} -d ${WIFI_NET} -s ${BR_NET} -j srv_icmp $IPT -A INPUT -i ${BR_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_dns_in $IPT -A INPUT -i ${WIFI_IF} -d ${PUB_IP} -s ${WIFI_NET} -j srv_dns_in +$IPT -A INPUT -i ${WIFI_IF} -s ${WIFI_NET} -d ${WIFI_NET} -j srv_dns_in $IPT -A INPUT -i ${BR_IF} -j srv_dhcp $IPT -A INPUT -i ${BR_IF} -s ${GW} -d ${PUB_IP} -j srv_dhcp @@ -129,6 +131,11 @@ $IPT -A INPUT -i ${WIFI_IF} -j cli_http_in $IPT -A INPUT -i ${WIFI_IF} -j cli_git_in $IPT -A INPUT -i ${WIFI_IF} -j cli_ssh_in +# c2.ank /iso -> c9.ank /srv/qemu/iso +$IPT -A INPUT -i ${BR_IF} -m physdev --physdev-in tap2 -d ${PUB_IP} -j srv_http_in +# hyperbola servers +$IPT -A INPUT -p tcp --dport 1024:65535 --sport 50100 -m state --state RELATED,ESTABLISHED -j ACCEPT + ####### Output Chain ###### $IPT -A OUTPUT -j blocker @@ -139,6 +146,7 @@ $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d ${DNS} -j cli_dns_out $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d ${BR_NET} -j srv_dns_out $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d ${BR_NET} -j srv_ssh_out $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d ${BR_NET} -j srv_icmp +$IPT -A OUTPUT -o ${BR_IF} -s ${WIFI_NET} -d ${BR_NET} -j srv_icmp $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d ${BR_NET} -j cli_ssh_out $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d ${BR_NET} -j cli_git_out 
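Review bot: The `hyperbola servers` rule added to INPUT in the `@@ -129,6 +131,11 @@` hunk has no `-i` interface and no `-s` address, unlike the rules around it, so it accepts `RELATED,ESTABLISHED` traffic with source port 50100 on any interface from any host. The matching OUTPUT rule in the `@@ -159,7 +166,10 @@` hunk is wider still, since it allows `NEW` connections to port 50100 towards any destination. Pinning both to the servers they are meant for keeps the exception as narrow as the rest of the file, for example by adding `-d <server-net>` to the OUTPUT rule and `-s <server-net>` to the INPUT rule, where `<server-net>` is a placeholder for a variable defined in ipt-conf.sh. That OUTPUT hunk also hard-codes `-d 10.0.0.4`, while the neighbouring rules take their addresses from ipt-conf.sh variables.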
@@ -149,7 +157,6 @@ $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_https_out $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_http_out $IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_git_out - $IPT -A OUTPUT -o ${WIFI_IF} -d ${DNS} -j cli_dns_out $IPT -A OUTPUT -o ${WIFI_IF} -d ${WIFI_NET} -j srv_dns_out $IPT -A OUTPUT -o ${WIFI_IF} -j srv_dns_out @@ -159,7 +166,10 @@ $IPT -A OUTPUT -o ${WIFI_IF} -j cli_git_out $IPT -A OUTPUT -o ${WIFI_IF} -j cli_https_out $IPT -A OUTPUT -o ${WIFI_IF} -j cli_http_out -#$IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -j cli_ssh_out +# Hyperbola servers +$IPT -A OUTPUT -p tcp --sport 1024:65535 --dport 50100 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT +# c2.ank /iso -> c9.ank /srv/qemu/iso +$IPT -A OUTPUT -o ${BR_IF} -s ${PUB_IP} -d 10.0.0.4 -j srv_http_out ####### PostRouting Chain ###### #Less noise diff --git a/core/conf/iptables/ipt-conf.sh b/core/conf/iptables/ipt-conf.sh index eef0b52..52669dc 100644 --- a/core/conf/iptables/ipt-conf.sh +++ b/core/conf/iptables/ipt-conf.sh @@ -12,6 +12,7 @@ GW="10.0.0.1" #GW="10.0.0.2" #DNS="10.0.0.254" DNS="212.55.154.174" +#DNS="8.8.8.8" PUB_IP="10.0.0.254" PUB_IF="enp8s0" diff --git a/core/conf/iptables/ipt-firewall.sh b/core/conf/iptables/ipt-firewall.sh index 4697de0..6ea613a 100644 --- a/core/conf/iptables/ipt-firewall.sh +++ b/core/conf/iptables/ipt-firewall.sh @@ -197,7 +197,7 @@ ipt_tables () { $IPT -A cli_ftp_in -j RETURN $IPT -A cli_ftp_out -p tcp --dport 21 --sport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT $IPT -A cli_ftp_out -p tcp --dport 20 --sport 1024:65535 -m state --state ESTABLISHED -j ACCEPT - $IPT -A cli_ftp_out -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT + $IPT -A cli_ftp_out -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT $IPT -A cli_ftp_out -j RETURN ######## GIT client diff --git a/core/conf/rc.d/iptables b/core/conf/rc.d/iptables index 26a48b4..9471f99 100644 
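Review bot: With `NEW` removed from the high-port `cli_ftp_out` rule in ipt-firewall.sh, passive-mode FTP data connections are accepted only if conntrack marks them `RELATED`, which depends on the FTP connection-tracking helper being loaded and attached to the control connection; nothing in this hunk shows that. On kernels where automatic helper assignment is disabled, an explicit rule such as `$IPT -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp` is needed. I would add a comment above the changed rule, `# passive-mode data: requires nf_conntrack_ftp, otherwise these connections are dropped`, so the dependency is visible to the next editor. `ipt_tables` starts and ends outside the hunk, so the helper may already be configured elsewhere.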
--- a/core/conf/rc.d/iptables +++ b/core/conf/rc.d/iptables @@ -13,13 +13,13 @@ case $1 in ## log everything else and drop ipt_log - iptables-save > /etc/iptables/net.v4 + iptables-save > /etc/iptables/bridge.v4 ;; server) source /etc/iptables/iptables-conf.sh ## log everything else and drop - iptables_log + ipt_log iptables-save > /etc/iptables/net.v4 ;; diff --git a/core/conf/skel/.tmux.conf b/core/conf/skel/.tmux.conf index 4feb9a4..ee127e8 100644 --- a/core/conf/skel/.tmux.conf +++ b/core/conf/skel/.tmux.conf @@ -9,7 +9,7 @@ bind-key -T copy-mode-vi 'y' send-keys -X copy-selection-and-cancel # copy tmux's selection buffer into the primary X selection with PREFIX+CTRL+Y bind-key u run "tmux save-buffer - | xsel -ib" # copy primary X selection into tmux's selection buffer with PREFIX+CTRL+P -bind-key e run "xsel -o | tmux load-buffer -" +bind-key e run "xsel -ob | tmux load-buffer -" set-option -g set-titles on set-option -g set-titles-string '#S> #I.#P #W' diff --git a/core/scripts/backup-ports.sh b/core/scripts/backup-ports.sh new file mode 100644 index 0000000..b5667e4 --- /dev/null +++ b/core/scripts/backup-ports.sh 
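Review bot: Both `iptables-save > …` lines in rc.d/iptables redirect straight into the saved rules file, so the file is truncated before `iptables-save` runs and a failure leaves an empty or partial ruleset on disk for the next restore to load. Writing to a temporary name and renaming on success avoids that: `iptables-save > /etc/iptables/bridge.v4.tmp && mv /etc/iptables/bridge.v4.tmp /etc/iptables/bridge.v4`. Because the bridge profile now saves to `bridge.v4` instead of `net.v4`, whatever restores the rules at boot has to read the new name as well; that code is not visible here. The `case` statement starts and ends outside the hunk.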
@@ -0,0 +1,104 @@
+#!/bin/bash
+
+DEST_SYS=/usr/ports/releases/stable
+DEST_ARC=/usr/ports/releases/archives
+
+#PRT_GET_FLAGS="-fr -if -is"
+PRT_GET_FLAGS="-fr"
+
+# Build Name = R1 (System number) D1 (Droid/Machine number)
+BUILD_NAME="R1D9"
+#echo "Give build NAME;"
+#echo "${DEST_ARC}/NAME-0.0.0.targ.gz"
+#read BUILD_NAME
+
+echo "Give build CRUX_RELEASE.VERSION (3.4.X);"
+echo "${DEST_ARC}/${BUILD_NAME}-VERSION.tar.gz"
+read BUILD_VERSION
+
+mkdir -p ${DEST_SYS}
+mkdir -p ${DEST_ARC}
+
+backup_collections() {
+
+ # backup collection packages
+ while read COLL_VERSION; do
+ COLL_NAME=$(echo $COLL_VERSION | cut -d "-" -f 1)
+ COLL_RELEASE=$(echo $COLL_VERSION | cut -d "-" -f 2)
+
+ while read PORT_NAME; do
+ # get installed version not version on ports
+ PACKAGE=$(grep "^${PORT_NAME}#" ${DEST_SYS}/all-installed.pkg)
+ echo "Backing up package: ${PACKAGE}"
+
+ # check if binary package exist
+ if [ ! -f /usr/ports/packages/${PACKAGE} ]; then
+ echo "Building package: ${PACKAGE};"
+ sudo prt-get update ${PRT_GET_FLAGS} ${PORT_NAME}
+ fi
+
+ if [ -f /usr/ports/packages/${PACKAGE} ]; then
+ echo ${PACKAGE} >> ${DEST_SYS}/${COLL_NAME}-backup.pkg
+ tar rvf ${DEST_SYS}/${COLL_NAME}-${COLL_RELEASE}.tar --directory=/usr/ports/packages ${PACKAGE}
+ else
+ echo "Package ${PACKAGE} from ${PORT_NAME} port not found."
+ echo ${PACKAGE} >> ${DEST_SYS}/${COLL_NAME}-${COLL_RELEASE}-notfound.pkg
+ fi
+ done < ${DEST_SYS}/${COLL_NAME}-installed.pkg
+ done < ${DEST_SYS}/ports_versions.pkg
+}
+
+create_metadata() {
+ echo "${BUILD_NAME}-${BUILD_VERSION}" >> ${DEST_SYS}/build_version
+
+ # archive pkgutils data
+ tar --xattrs -zcpf ${DEST_SYS}/pkg-db.tar.gz /var/lib/pkg/db .
+
+ # archive ports data
+ tar --xattrs -zcpf ${DEST_SYS}/etc_ports.tar.gz --directory=/etc/ports .
+
+ # must be using gwak instead of sed
+ prt-get listinst -v | sed 's/ /#/g' | sed 's/$/.pkg.tar.gz/g' > ${DEST_SYS}/all-installed.pkg
+
+ if [ -f ${DEST_SYS}/ports_versions ]; then
+ rm ${DEST_SYS}/ports_versions.pkg
+ fi
+
+ for filename in /etc/ports/*.git; do
+ source $filename
+
+ echo "${NAME} port collection release (exp; ${BUILD_VERSION}):"
+
+ read RELEASE
+ echo ${NAME}-${RELEASE} >> ${DEST_SYS}/ports_versions.pkg
+
+ # backup ports collection
+ echo "Backing up collection: ${NAME}"
+ tar --xattrs -zcpf ${DEST_SYS}/${NAME}-ports-${RELEASE}.tar.gz \
+ --directory=/usr/ports/${NAME} \
+ --exclude=.git/ \
+ .
+
+ # create list of installed packages
+ prt-get printf "%i %p %n\n" | grep "yes /usr/ports/${NAME}" | cut -d " " -f 3 > ${DEST_SYS}/${NAME}-installed.pkg
+ done
+}
+
+create_archive() {
+ echo "Creating ${DEST_ARC}/${BUILD_NAME}-${BUILD_VERSION}.tar.gz ..."
+ tar --xattrs -zcpf ${DEST_ARC}/${BUILD_NAME}-${BUILD_VERSION}.tar.gz --directory=${DEST_SYS} .
+}
+
+update_host() {
+ echo "Creating links to /usr/ports/installed"
+ rm -r /usr/ports/installed
+ pkg_installed
+
+ echo "Creating ports page"
+ portspage --title=${BUILD_NAME}-${BUILD_VERSION} /usr/ports/installed > /usr/ports/installed/index.html
+}
+
+create_metadata
+backup_collections
+create_archive
+update_host
diff --git a/core/scripts/backup-system.sh b/core/scripts/backup-system.sh
index 7faf676..17c8c6a 100644
--- a/core/scripts/backup-system.sh
+++ b/core/scripts/backup-system.sh
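Review bot: In `create_metadata` of backup-ports.sh, `tar --xattrs -zcpf ${DEST_SYS}/pkg-db.tar.gz /var/lib/pkg/db .` ends in a stray `.` with no `--directory`, so the archive also captures whatever directory the script was started from. `create_archive` then packs everything under `${DEST_SYS}` into the release tarball, so unrelated files could be distributed if that tarball is published. Drop the dot: `tar --xattrs -zcpf "${DEST_SYS}/pkg-db.tar.gz" /var/lib/pkg/db`. A few lines below, the guard tests `${DEST_SYS}/ports_versions` but removes `ports_versions.pkg`, so the old list is not cleared and `>>` keeps appending across runs; `rm -f "${DEST_SYS}/ports_versions.pkg"` without the test does what was intended. `BUILD_VERSION` and `RELEASE` come from `read` and are expanded unquoted into paths, so they should be quoted and checked against the expected version format before use.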
@@ -193,77 +193,3 @@ do *) echo "Please enter only y or n" esac done - -# Port System -while true -do - echo "Backup Port System ?" - echo "Please confirm (y or n) :" - read CONFIRM - case $CONFIRM in - n|N|no|NO|No) break ;; - y|Y|YES|yes|Yes) - echo "Accept - you entered $CONFIRM" - - # archive pkgutils data - tar --xattrs -zcpf $DEST_SYS/pkg-db.tar.gz \ - /var/lib/pkg/db - - # archive ports data - tar --xattrs -zcpf $DEST_SYS/etc_ports.tar.gz \ - --directory=/etc/ports \ - . - - METADATA=${DEST_SYS}/meta-data - mkdir -p $METADATA - - # must be using gwak instead of sed - prt-get listinst -v | sed 's/ /#/g' | sed 's/$/.pkg.tar.gz/g' > ${METADATA}/all-installed.pkg - - for filename in /etc/ports/*.git; do - source $filename - - # backup ports collection - echo "Backing up collection: $NAME" - tar --xattrs -zcpf $PORT_PRT/${NAME}-ports.tar.gz \ - --directory=$ROOT_DIR/usr/ports/${NAME} \ - --exclude=.git/ \ - . - - - # create list of installed packages - prt-get printf "%i %p %n\n" | grep "yes /usr/ports/${NAME}" | cut -d " " -f 3 > ${METADATA}/${NAME}-installed.pkg - - # backup collection packages - while read line; do - echo "Backing up package: ${NAME}/${line}" - # get installed version not version on ports - PACKAGE="$(cat ${METADATA}/all-installed.pkg | grep "^${line}#")" - if [ ! 
-f /usr/ports/packages/${PACKAGE} ]; then - echo "Building package: ${PACKAGE};\n" - sudo prt-get update -fr -if -is ${line} - (cd /usr/ports/${NAME}/${line} \ - && sudo pkgmk -uf) - fi - - if [ -f /usr/ports/packages/${PACKAGE} ]; then - echo ${PACKAGE} >> ${METADATA}/${NAME}-backup.pkg - #cp /usr/ports/packages/${PACKAGE} ${PORT_PKG}/${NAME}/ - tar rvf ${PORT_PKG}/${NAME}.tar \ - --directory=/usr/ports/packages \ - ${PACKAGE} - else - echo "Package $PORT_NAME not found: ${line}" - echo ${PACKAGE} >> ${METADATA}/${NAME}-notfound.pkg - fi - done < ${METADATA}/${NAME}-installed.pkg - done - break - ;; - *) echo "Please enter only y or n" - esac -done - -RELEASE_NAME=$(basename ${DEST_DIR}) -cd $(dirname ${DEST_DIR}) && tar -zcpf ${RELEASE_NAME}.tar.gz ${RELEASE_NAME}/ -rm -rf ${DEST_DIR} diff --git a/core/scripts/portspage.patch b/core/scripts/portspage.patch new file mode 100644 index 0000000..c94ea4a --- /dev/null +++ b/core/scripts/portspage.patch 
@@ -0,0 +1,27 @@
+220c220
+< print " <h2>$options{title}</h2>\n";
+---
+> print " <h2><a href=\"https://hive.gnu.systems/wiki/mirror\">Mirror</a> | <a href=\"https://hive.gnu.systems/wiki/crux\">Crux</a> | <a href=\"https://hive.gnu.systems/git/\">Git</a> | <a href=\"https://hive.gnu.systems/mirror/bugs/\">Build errors</a> | <a href=\"https://hive.gnu.systems/mirror/distfiles/\">Distfiles</a> | <a href=\"https://hive.gnu.systems/mirror/releases/archives/$options{title}.tar.gz\">$options{title}.tar.gz</a> | <a href=\"https://hive.gnu.systems/mirror/archive/\">Archive</a></h2>\n";
+233c233,238
+< print " <tr class=\"header\"><td><b>Port</b></td><td><b>Version</b></td><td><b>Description</b></td>";
+---
+> print " <tr class=\"header\">
+> <td><b>Project page</b></td>
+> <td><b>Port</b></td>
+> <td><b>Package</b></td>
+> <td><b>Description</b></td>";
+>
+244,248c249,255
+< print " <tr class=\"$odd\"><td>";
+< $db{$port}{URL} ? print "<a href=\"$db{$port}{URL}\">$port</a>" : print "$port";
+< print "</td><td><a href=\"$options{directory}/$port/\">$db{$port}{version}-$db{$port}{release}</a></td><td>";
+< print $db{$port}{Description} if $db{$port}{Description};
+< print "</td>";
+---
+> my $port_collection=`prt-get info $port | grep "Path:" | cut -d ":" -f 2 | xargs basename`;
+> print " <tr class=\"$odd\">";
+> $db{$port}{URL} ? print "<td><a href=\"$db{$port}{URL}\">$port</a></td>" : print "<td>$port</td>";
+> #print "</td><td><a href=\"$options{directory}/$port/\">$db{$port}{version}-$db{$port}{release}</a></td><td>";
+> print "<td><a href=\"https://hive.gnu.systems/git/$port_collection.git/tree/refs/heads/master\:/$port\">$db{$port}{version}-$db{$port}{release}</a></td>";
+> print "<td><a href=\"https://hive.gnu.systems/mirror/packages/$port%23$db{$port}{version}-$db{$port}{release}.pkg.tar.gz\">$port#$db{$port}{version}-$db{$port}{release}.pkg.tar.gz</a></td>";
+> print "<td>$db{$port}{Description}</td>" if $db{$port}{Description};
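Review bot: The new `my $port_collection=` line interpolates `$port` into a backtick shell pipeline and uses the output without `chomp`, so the trailing newline from `basename` ends up inside the `href` built a few lines later, and a port name containing shell metacharacters would be interpreted by the shell. Wrap the assignment as `chomp(my $port_collection = ...);` and restrict `$port` to the characters expected in port names before it reaches a command line. `$options{title}` and `$db{$port}{Description}` are written into the HTML unescaped; the description was already emitted that way in the replaced lines, but the title is now also placed inside an `href`. The pipeline runs once per table row, which may be slow for a large set of installed ports.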
diff --git a/core/scripts/restore-ports.sh b/core/scripts/restore-ports.sh
new file mode 100644
index 0000000..39f5178
--- /dev/null
+++ b/core/scripts/restore-ports.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+BUILD_NAME=R1D9
+BUILD_VERSION=3.4.1
+WORK_DIR=/usr/ports/work/${BUILD_NAME}-${BUILD_VERSION}
+
+prepare_archive() {
+ mkdir -p ${WORK_DIR}
+ wget --directory-prefix=${WORK_DIR} https://hive.gnu.systems/mirror/releases/archives/${BUILD_NAME}-${BUILD_VERSION}.tar.gz
+ echo "extracting ${WORK_DIR}/${BUILD_NAME}-${BUILD_VERSION}.tar.gz..."
+ tar -C ${WORK_DIR} -xf ${WORK_DIR}/${BUILD_NAME}-${BUILD_VERSION}.tar.gz
+ rm ${WORK_DIR}/${BUILD_NAME}-${BUILD_VERSION}.tar.gz
+}
+
+extract_archives() {
+ while read COLL_VERSION; do
+ COLL_NAME=$(echo $COLL_VERSION | cut -d "-" -f 1)
+ COLL_RELEASE=$(echo $COLL_VERSION | cut -d "-" -f 2)
+ echo "extracting ${COLL_VERSION}.tar to /usr/ports/packages"
+ tar -C /usr/ports/packages -xf ${WORK_DIR}/${COLL_VERSION}.tar
+ rm ${WORK_DIR}/${COLL_VERSION}.tar
+ done < ${WORK_DIR}/ports_versions.pkg
+}
+
+update_system() {
+ mkdir -p ${WORK_DIR}/etc/ports
+ tar -C ${WORK_DIR}/etc/ports -xf ${WORK_DIR}/etc_ports.tar.gz
+ cp ${WORK_DIR}/etc/ports/*.git /etc/ports/
+
+ while read COLL_VERSION; do
+ COLL_NAME=$(echo $COLL_VERSION | cut -d "-" -f 1)
+ ports -u $COLL_NAME
+ done < ${WORK_DIR}/ports_versions.pkg
+
+ # first update with prt-get
+ prt-get sysup
+ prt-get --pre-install --post-install update $(prt-get listinst)
+ prt-get depinst $(prt-get printf "%p %n\n" | grep "/usr/ports/core" | cut -d " " -f 2)
+ prt-get update $(revdep)
+
+ rejmerge
+}
+
+install_distro() {
+ while read PACKAGE; do
+ prt-get depinst $(echo $PACKAGE | cut -d "#" -f 1);
+ done < ${WORK_DIR}/all-installed.pkg
+}
+
+prepare_archive
+extract_archives
+update_system
+install_distro |
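Review bot: `prepare_archive` unpacks the downloaded release archive without checking its integrity, and the rest of the script then copies its `*.git` files into `/etc/ports/` and installs packages from it, so the archive's contents decide what ends up on the system. HTTPS protects the transfer only; a digest or signature obtained separately from the archive should be verified before `tar -xf` runs. There is also no `set -e`, so a failed `wget` or `tar` does not stop `update_system` and `install_distro` from running against whatever is already in `${WORK_DIR}`. The sketch below pins a SHA-256 value; the digest shown is a placeholder to be filled in from a trusted source.

```bash
#!/bin/bash
set -euo pipefail

# … unchanged: BUILD_NAME, BUILD_VERSION, WORK_DIR …
ARCHIVE="${WORK_DIR}/${BUILD_NAME}-${BUILD_VERSION}.tar.gz"
# placeholder value: take the digest from a source other than the mirror itself
EXPECTED_SHA256="<sha256-of-release-archive>"

prepare_archive() {
    mkdir -p "${WORK_DIR}"
    wget --directory-prefix="${WORK_DIR}" "https://hive.gnu.systems/mirror/releases/archives/${BUILD_NAME}-${BUILD_VERSION}.tar.gz"
    # stop here unless the download matches the pinned digest
    echo "${EXPECTED_SHA256}  ${ARCHIVE}" | sha256sum --check --strict -
    echo "extracting ${ARCHIVE}..."
    tar -C "${WORK_DIR}" -xf "${ARCHIVE}"
    rm "${ARCHIVE}"
}
# … unchanged: extract_archives, update_system, install_distro and the calls …
```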