Merge branch 'stretch' of https://github.com/bashrc/freedombone

doc/EN/installation.org

  * [[https://beagleboard.org/BLACK][Beaglebone Black]]
  * [[https://linux-sunxi.org/Cubietech_Cubieboard2][Cubieboard 2]]
  * [[https://linux-sunxi.org/Cubietruck][Cubietruck (Cubieboard 3)]]
+ * [[https://www.sparkfun.com/products/retired/12856][PCDuino3]]
  * [[https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME/open-source-hardware][olinuxino Lime]]
  * [[https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME2/open-source-hardware][olinuxino Lime2]]
  * [[https://www.olimex.com/Products/OlinuXino/A20/A20-OlinuXino-MICRO/open-source-hardware][olinuxino Micro]]

src/freedombone-app-matrix

 MATRIX_FEDERATION_ONION_PORT=8111
 MATRIX_ONION_PORT=8109
 MATRIX_REPO="https://github.com/matrix-org/synapse"
-MATRIX_COMMIT='c45dc6c62aa2a2e83a10d8116a709dfd8c144e3c'
+MATRIX_COMMIT='77ea8cbdd7202d75538623c79b3d33119221d02b'
 REPORT_STATS="no"
 MATRIX_SECRET=
 MATRIX_EXPIRE_MONTHS=1

src/freedombone-app-riot

 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
 
-RIOT_VERSION='0.12.1'
+RIOT_VERSION='0.12.2'
 RIOT_FILENAME="riot-v${RIOT_VERSION}"
-RIOT_HASH='f6fc2df335af2abcf9fa1329819d20b4d1a0fc8a94a8f087b5f09941f2d5c44a'
+RIOT_HASH='d0de730cb3e688040ba5c23680a676dabc94386830582842a4728767ed6dcd7f'
 RIOT_DOWNLOAD_URL="https://github.com/vector-im/riot-web/releases/download/v${RIOT_VERSION}"
 RIOT_ONION_PORT=8115
 RIOT_ONION_HOSTNAME=
     if [[ $ONION_ONLY == 'no' ]]; then
         sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
         sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"https://${MATRIX_DOMAIN_NAME}\",|g" config.json
-        sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"https://${MATRIX_DOMAIN_NAME}/\",|g" config.json
-        sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"https://${MATRIX_DOMAIN_NAME}/api\",|g" config.json
+        sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" config.json
+        sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" config.json
         sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"https://${MATRIX_DOMAIN_NAME}/bugs\",|g" config.json
         sed -i "/\"servers\":/a \"${MATRIX_DOMAIN_NAME}\"," config.json
     else
         sed -i "s|\"default_hs_url\":.*|\"default_hs_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
         sed -i "s|\"default_is_url\":.*|\"default_is_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}\",|g" config.json
-        sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/\",|g" config.json
-        sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/api\",|g" config.json
+        sed -i "s|\"integrations_ui_url\":.*|\"integrations_ui_url\": \"\",|g" config.json
+        sed -i "s|\"integrations_rest_url\":.*|\"integrations_rest_url\": \"\",|g" config.json
         sed -i "s|\"bug_report_endpoint_url\":.*|\"bug_report_endpoint_url\": \"http://${MATRIX_ONION_DOMAIN_NAME}/bugs\",|g" config.json
         sed -i "/\"servers\":/a \"${MATRIX_ONION_DOMAIN_NAME}\"," config.json
     fi

src/freedombone-controlpanel

 
                 ' | reset-tripwire
     echo ''
+
+    # Sometimes nginx fails to restart if matrix is installed
+    # Restart matrix first
+    if [ -d /etc/matrix ]; then
+        systemctl restart matrix
+        systemctl restart nginx
+    fi
+
     if [ -f /var/lib/tripwire/${HOSTNAME}.twd ]; then
         show_tripwire_verification_code
         echo $'Tripwire is now reset. Take a note of the above hash, or record'

src/freedombone-image-customise

     if [[ $SOCIALINSTANCE == "gnusocial" ]]; then
         git clone $GNUSOCIAL_REPO $rootdir/repos/gnusocial
         git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
-        git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
+        #git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
         git clone $PLEROMA_REPO $rootdir/repos/pleroma
         return
     fi
 
     if [[ $SOCIALINSTANCE == "postactiv" ]]; then
         git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
-        git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
+        #git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
         git clone $PLEROMA_REPO $rootdir/repos/pleroma
-        git clone $POSTACTIV_REPO $rootdir/repos/postactiv
+        #git clone $POSTACTIV_REPO $rootdir/repos/postactiv
         return
     fi
 
     git clone $FRIENDICA_REPO $rootdir/repos/friendica
     git clone $GNUSOCIAL_REPO $rootdir/repos/gnusocial
     git clone $GNUSOCIAL_MARKDOWN_REPO $rootdir/repos/gnusocial-markdown
-    git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
+    #git clone $QVITTER_THEME_REPO $rootdir/repos/qvitter
     git clone $PLEROMA_REPO $rootdir/repos/pleroma
-    git clone $POSTACTIV_REPO $rootdir/repos/postactiv
+    #git clone $POSTACTIV_REPO $rootdir/repos/postactiv
     git clone $SHARINGS_REPO $rootdir/repos/sharings
     git clone $HTMLY_REPO $rootdir/repos/htmly
     git clone $HUBZILLA_REPO $rootdir/repos/hubzilla

src/freedombone-image-hardware-setup

     echo "rtc_sunxi" >> /etc/initramfs-tools/modules
 }
 
+
+setup_flash_kernel() {
+    if [ ! -d /etc/flash-kernel ] ; then
+       mkdir /etc/flash-kernel
+    fi
+    echo -n "$1" > /etc/flash-kernel/machine
+
+    command_line=""
+    if [ -n "$2" ] ; then
+        command_line="console=$2"
+    fi
+
+    if [ -n "$command_line" ] ; then
+        echo flash-kernel flash-kernel/linux_cmdline string "$command_line" | debconf-set-selections
+    fi
+
+    apt-get install -y flash-kernel
+}
+
 case "$MACHINE" in
     beaglebone)
         beaglebone_setup_boot
         a20_setup_boot sun7i-a20-cubieboard2.dtb
         enable_serial_console ttyS0
         ;;
+    pcduino3)
+        a20_setup_boot sun7i-a20-pcduino3.dtb
+        enable_serial_console ttyS0
+        ;;
 esac

src/freedombone-image-make

  --roottype btrfs \
 "
         ;;
-    cubietruck | a20-olinuxino-lime | a20-olinuxino-lime2 | a20-olinuxino-micro | cubieboard2)
+    cubietruck | a20-olinuxino-lime | a20-olinuxino-lime2 | a20-olinuxino-micro | cubieboard2 | pcduino3)
         extra_pkgs="$a20_pkgs"
         extra_opts="\
  --variant minbase \

src/freedombone-image-makefile

 	$(SIGN)
 	@echo "Build complete."
 
+# build PCDuino3 SD card image
+pcduino3: prep
+	$(eval ARCHITECTURE = armhf)
+	$(eval MACHINE = pcduino3)
+	$(MAKE_IMAGE)
+	@rm -f $(ARCHIVE)
+	$(XZ) $(IMAGE)
+	@echo ""
+	$(SIGN)
+	@echo "Build complete."
+
 # build CubieTruck SD card image
 cubietruck: prep
 	$(eval ARCHITECTURE = armhf)

website/EN/installation.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-07-03 Mon 12:29 -->
+<!-- 2017-08-27 Sun 19:44 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title></title>
 </colgroup>
 <tbody>
 <tr>
-<td class="org-left"><a href="#org9ae206a">Building an image for a Single Board Computer or Virtual Machine</a></td>
+<td class="org-left"><a href="#orgf33fa48">Building an image for a Single Board Computer or Virtual Machine</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org31945c3">Checklist</a></td>
+<td class="org-left"><a href="#org5e8535e">Checklist</a></td>
 </tr>
 
 <tr>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org0f2759f">Installation</a></td>
+<td class="org-left"><a href="#org66f5148">Installation</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgbdecc1e">Social Key Management - the 'Unforgettable Key'</a></td>
+<td class="org-left"><a href="#org60cbf3c">Social Key Management - the 'Unforgettable Key'</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org75caec3">Final Setup</a></td>
+<td class="org-left"><a href="#org07d21e3">Final Setup</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org4ec5353">Keydrives</a></td>
+<td class="org-left"><a href="#org214cad8">Keydrives</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org125e66b">On Client Machines</a></td>
+<td class="org-left"><a href="#org91e37f6">On Client Machines</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgf76a31b">Administering the system</a></td>
+<td class="org-left"><a href="#org9748f8d">Administering the system</a></td>
 </tr>
 </tbody>
 </table>
 
-<div id="outline-container-org9ae206a" class="outline-2">
-<h2 id="org9ae206a">Building an image for a Single Board Computer or Virtual Machine</h2>
-<div class="outline-text-2" id="text-org9ae206a">
+<div id="outline-container-orgf33fa48" class="outline-2">
+<h2 id="orgf33fa48">Building an image for a Single Board Computer or Virtual Machine</h2>
+<div class="outline-text-2" id="text-orgf33fa48">
 <p>
 You don't have to trust images downloaded from random internet locations signed with untrusted keys. You can build one from scratch yourself, and this is the recommended procedure for maximum security. For guidance on how to build images see the manpage for the <b>freedombone-image</b> command.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org31945c3" class="outline-2">
-<h2 id="org31945c3">Checklist</h2>
-<div class="outline-text-2" id="text-org31945c3">
+<div id="outline-container-org5e8535e" class="outline-2">
+<h2 id="org5e8535e">Checklist</h2>
+<div class="outline-text-2" id="text-org5e8535e">
 <p>
 Before installing Freedombone you will need a few things.
 </p>
 </ul>
 </div>
 </div>
-<div id="outline-container-org0f2759f" class="outline-2">
-<h2 id="org0f2759f">Installation</h2>
-<div class="outline-text-2" id="text-org0f2759f">
+<div id="outline-container-org66f5148" class="outline-2">
+<h2 id="org66f5148">Installation</h2>
+<div class="outline-text-2" id="text-org66f5148">
 <p>
 There are three install options: Laptop/Desktop/Netbook, SBC and Virtual Machine.
 </p>
 </div>
 
-<div id="outline-container-org7ab5896" class="outline-3">
-<h3 id="org7ab5896">On a Laptop, Netbook or Desktop machine</h3>
-<div class="outline-text-3" id="text-org7ab5896">
+<div id="outline-container-org38af249" class="outline-3">
+<h3 id="org38af249">On a Laptop, Netbook or Desktop machine</h3>
+<div class="outline-text-3" id="text-org38af249">
 <p>
 If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Stretch onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:
 </p>
 </div>
 </div>
 
-<div id="outline-container-org71fafdc" class="outline-3">
-<h3 id="org71fafdc">On a single board computer (SBC)</h3>
-<div class="outline-text-3" id="text-org71fafdc">
+<div id="outline-container-orgcb99559" class="outline-3">
+<h3 id="orgcb99559">On a single board computer (SBC)</h3>
+<div class="outline-text-3" id="text-orgcb99559">
 <p>
 Currently the following boards are supported:
 </p>
 <li><a href="https://beagleboard.org/BLACK">Beaglebone Black</a></li>
 <li><a href="https://linux-sunxi.org/Cubietech_Cubieboard2">Cubieboard 2</a></li>
 <li><a href="https://linux-sunxi.org/Cubietruck">Cubietruck (Cubieboard 3)</a></li>
+<li><a href="https://www.sparkfun.com/products/retired/12856">PCDuino3</a></li>
 <li><a href="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME/open-source-hardware">olinuxino Lime</a></li>
 <li><a href="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME2/open-source-hardware">olinuxino Lime2</a></li>
 <li><a href="https://www.olimex.com/Products/OlinuXino/A20/A20-OlinuXino-MICRO/open-source-hardware">olinuxino Micro</a></li>
 </div>
 </div>
 
-<div id="outline-container-org49acf4b" class="outline-3">
-<h3 id="org49acf4b">As a Virtual Machine</h3>
-<div class="outline-text-3" id="text-org49acf4b">
+<div id="outline-container-org513a1c0" class="outline-3">
+<h3 id="org513a1c0">As a Virtual Machine</h3>
+<div class="outline-text-3" id="text-org513a1c0">
 <p>
 Qemu is currently supported, since it's s fully free software system. You can run a 64 bit Qemu image with:
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgbdecc1e" class="outline-2">
-<h2 id="orgbdecc1e">Social Key Management - the 'Unforgettable Key'</h2>
-<div class="outline-text-2" id="text-orgbdecc1e">
+<div id="outline-container-org60cbf3c" class="outline-2">
+<h2 id="org60cbf3c">Social Key Management - the 'Unforgettable Key'</h2>
+<div class="outline-text-2" id="text-org60cbf3c">
 <p>
 During the install procedure you will be asked if you wish to import GPG keys. If you don't already possess GPG keys then just select "Ok" and they will be generated during the install. If you do already have GPG keys then there are a few possibilities
 </p>
 </div>
 
-<div id="outline-container-orgcf6835e" class="outline-3">
-<h3 id="orgcf6835e">You have the gnupg keyring on an encrypted USB drive</h3>
-<div class="outline-text-3" id="text-orgcf6835e">
+<div id="outline-container-org89d4331" class="outline-3">
+<h3 id="org89d4331">You have the gnupg keyring on an encrypted USB drive</h3>
+<div class="outline-text-3" id="text-org89d4331">
 <p>
 If you previously made a master keydrive containing the full keyring (the .gnupg directory). This is the most straightforward case, but not as secure as splitting the key into fragments.
 </p>
 </div>
 </div>
-<div id="outline-container-org954990d" class="outline-3">
-<h3 id="org954990d">You have a number of key fragments on USB drives retrieved from friends</h3>
-<div class="outline-text-3" id="text-org954990d">
+<div id="outline-container-org573fd89" class="outline-3">
+<h3 id="org573fd89">You have a number of key fragments on USB drives retrieved from friends</h3>
+<div class="outline-text-3" id="text-org573fd89">
 <p>
-If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more <a href="#org4ec5353">Keydrives</a>.
+If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more <a href="#org214cad8">Keydrives</a>.
 </p>
 </div>
 </div>
-<div id="outline-container-org8493049" class="outline-3">
-<h3 id="org8493049">You can specify some ssh login details for friends servers containing key fragments</h3>
-<div class="outline-text-3" id="text-org8493049">
+<div id="outline-container-org7815393" class="outline-3">
+<h3 id="org7815393">You can specify some ssh login details for friends servers containing key fragments</h3>
+<div class="outline-text-3" id="text-org7815393">
 <p>
 Enter three or more sets of login details and the installer will try to retrieve key fragments and then assemble them into the full key. This only works if you previously were using remote backups and had social key management enabled.
 </p>
 </div>
 </div>
 </div>
-<div id="outline-container-org75caec3" class="outline-2">
-<h2 id="org75caec3">Final Setup</h2>
-<div class="outline-text-2" id="text-org75caec3">
+<div id="outline-container-org07d21e3" class="outline-2">
+<h2 id="org07d21e3">Final Setup</h2>
+<div class="outline-text-2" id="text-org07d21e3">
 <p>
 Any manual post-installation setup instructions or passwords can be found in /home/username/README.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org4ec5353" class="outline-2">
-<h2 id="org4ec5353">Keydrives</h2>
-<div class="outline-text-2" id="text-org4ec5353">
+<div id="outline-container-org214cad8" class="outline-2">
+<h2 id="org214cad8">Keydrives</h2>
+<div class="outline-text-2" id="text-org214cad8">
 <p>
 After installing for the first time it's a good idea to create some keydrives. These will store your gpg key so that if all else fails you will still be able to restore from backup. There are two ways to do this:
 </p>
 </div>
-<div id="outline-container-org8e2343a" class="outline-3">
-<h3 id="org8e2343a">Master Keydrive</h3>
-<div class="outline-text-3" id="text-org8e2343a">
+<div id="outline-container-orge92aaa8" class="outline-3">
+<h3 id="orge92aaa8">Master Keydrive</h3>
+<div class="outline-text-3" id="text-orge92aaa8">
 <p>
 This is the traditional security model in which you carry your full keyring on an encrypted USB drive. To make a master keydrive first format a USB drive as a LUKS encrypted drive. In Ubuntu this can be <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">done from the <i>Disk Utility</i> application</a>. Then plug it into the Freedombone system, then from your local machine run:
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-orgd192484" class="outline-3">
-<h3 id="orgd192484">Fragment keydrives</h3>
-<div class="outline-text-3" id="text-orgd192484">
+<div id="outline-container-org0e3ed8a" class="outline-3">
+<h3 id="org0e3ed8a">Fragment keydrives</h3>
+<div class="outline-text-3" id="text-org0e3ed8a">
 <p>
 This breaks your GPG key into a number of fragments and randomly selects one to add to the USB drive. First format a USB drive as a LUKS encrypted drive. In Ubuntu this <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">can be done from the <i>Disk Utility</i> application</a>. Plug it into the Freedombone system then from your local machine run the following commands:
 </p>
 </div>
 </div>
 </div>
-<div id="outline-container-org125e66b" class="outline-2">
-<h2 id="org125e66b">On Client Machines</h2>
-<div class="outline-text-2" id="text-org125e66b">
+<div id="outline-container-org91e37f6" class="outline-2">
+<h2 id="org91e37f6">On Client Machines</h2>
+<div class="outline-text-2" id="text-org91e37f6">
 <p>
 You can configure laptops or desktop machines which connect to the Freedombone server in the following way. This alters encryption settings to improve overall security.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgf76a31b" class="outline-2">
-<h2 id="orgf76a31b">Administering the system</h2>
-<div class="outline-text-2" id="text-orgf76a31b">
+<div id="outline-container-org9748f8d" class="outline-2">
+<h2 id="org9748f8d">Administering the system</h2>
+<div class="outline-text-2" id="text-org9748f8d">
 <p>
 To administer the system after installation log in via ssh, become the root user and then launch the control panel.
 </p>