
Merge branch 'stretch' of https://github.com/bashrc/freedombone

Bob Mottram 7 年之前
當前提交
e9c901fdac

+ 1
- 0
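--- a/src/freedombone-adduser
+++ b/src/freedombone-adduser
@@ -237,6 +237,7 @@ fi
 
 # add user menu on ssh login
 if ! grep -q 'controluser' "/home/$ADD_USERNAME/.bashrc"; then
+    echo 'export PS1="\W \$"' >> "/home/$ADD_USERNAME/.bashrc"
     echo 'controluser' >> "/home/$ADD_USERNAME/.bashrc"
 fi
 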

+ 1
- 1
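--- a/src/freedombone-app-pleroma
+++ b/src/freedombone-app-pleroma
@@ -38,7 +38,7 @@ PLEROMA_CODE=
 PLEROMA_PORT=4000
 PLEROMA_ONION_PORT=8011
 PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
-PLEROMA_COMMIT='7130e9ddb16286efd7d01088e816f05e82cfa2a1'
+PLEROMA_COMMIT='303289d7daac3a51f991bb8603f36628a5d944c1'
 PLEROMA_ADMIN_PASSWORD=
 PLEROMA_DIR=/etc/pleroma
 PLEROMA_SECRET_KEY=""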

+ 35
- 16
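--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -225,6 +225,7 @@ function email_create_template {
 }
 
 function create_email_onion_address {
+    email_hostname='/var/lib/tor/hidden_service_email/hostname'
     if ! grep -q "hidden_service_email" /etc/tor/torrc; then
         { echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/';
           echo 'HiddenServiceVersion 3';
@@ -238,18 +239,21 @@ function create_email_onion_address {
         function_check wait_for_onion_service
         wait_for_onion_service email
 
-        if [ ! -f /var/lib/tor/hidden_service_email/hostname ]; then
+        if [ ! -f $email_hostname ]; then
             echo $"email onion site hostname not found"
             systemctl restart tor
             exit 782352
         fi
 
-        onion_address=$(cat /var/lib/tor/hidden_service_email/hostname)
+        onion_address=$(cat $email_hostname)
         set_completion_param "email onion domain" "${onion_address}"
         add_email_hostname "$onion_address"
     else
-        onion_address=$(cat /var/lib/tor/hidden_service_email/hostname)
+        onion_address=$(cat $email_hostname)
     fi
+    cp $email_hostname /etc/skel/.email_onion_domain
+    cp $email_hostname "/home/$MY_USERNAME/.email_onion_domain"
+    chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.email_onion_domain"
 }
 
 function configure_email_onion {
@@ -262,17 +266,17 @@ function configure_email_onion {
 
     create_email_onion_address
 
-    #apt-get -yq install tinycdb perl
+    apt-get -yq install perl
 
     # MX record should be:
     # _onion-mx._tcp
     # 20:$onion_address
     # 3600 IN SRV 0 5 25 $onion_address
 
-    # Test with: exim -d -bt username@$onion_address
-
-    #echo "$DEFAULT_DOMAIN_NAME $onion_address" > /etc/exim4/onionrelay.txt
-    #cdb -m -c -t ~/onionrelay.tmp /etc/exim4/onionrelay.cdb /etc/exim4/onionrelay.txt
+    # To test the system, on receiving server:
+    #   exim -bd -d -oX 25
+    # On the sensing server:
+    #   exim -d -oX 25 -bt username@$onion_address
 
     { echo "perl_startup = do '/etc/exim4/perl-routines.pl'";
       echo "perl_at_start"; } > /etc/exim4/conf.d/main/00_exim4-config_perl
@@ -290,26 +294,32 @@ function configure_email_onion {
       echo "  return 'no_such_host';";
       echo "}"; } > /etc/exim4/perl-routines.pl
 
-    #{ echo "ONION_RELAYDB=/etc/exim4/onionrelay.cdb";
-    #  echo "domainlist onion_relays     = cdb;ONION_RELAYDB"; } > /etc/exim4/conf.d/main/48_exim4-config_onion_relays
-
     { echo "riseup:";
       echo "  driver    = manualroute";
       echo "  domains   = riseup.net";
       echo "  transport = onion_relay";
+      echo "  headers_remove = Received:Message-ID:X-Mailer:User-Agent";
+      echo "  headers_add = Message-ID: <\${lc:\${sha1:\$message_id}}@\$sender_address_domain>";
       echo "  route_data = \${perl{onionLookup}{$RISEUP_EMAIL_ONION}}"
-      echo "  no_more"; } > /etc/exim4/conf.d/router/049_exim4-config-riseup
+      echo "  no_more"; } > /etc/exim4/conf.d/router/905_exim4-config-riseup
+
+    if ! grep -q "*.onion" /etc/exim4/conf.d/router/200_exim4-config_primary; then
+       sed -i 's|domains = ! +local_domains|domains = ! +local_domains : ! *.onion : ! riseup.net|g' /etc/exim4/conf.d/router/200_exim4-config_primary
+    fi
 
     { echo "onionrelays:";
       echo "  driver    = manualroute";
       echo "  domains   = *.onion";
       echo "  transport = onion_relay";
-      #echo "  route_data = \${lookup dnsdb{a=\$domain}}";
+      echo "  headers_remove = Received:Message-ID:X-Mailer:User-Agent";
+      echo "  headers_add = Message-ID: <\${lc:\${sha1:\$message_id}}@\$sender_address_domain>";
       echo "  route_data = \${perl{onionLookup}{\$domain}}"
-      echo "  no_more"; } > /etc/exim4/conf.d/router/050_exim4-config-onionrelays
+      echo "  no_more"; } > /etc/exim4/conf.d/router/910_exim4-config-onionrelays
 
     { echo "onion_relay:";
       echo "  driver = smtp";
+      echo "  helo_data = \"\$address_data \$original_domain\"";
+      echo "  hosts_avoid_tls = *";
       echo "  socks_proxy = 127.0.0.1 port=9050"; } > /etc/exim4/conf.d/transport/050_exim4-config_onion_relay
 
     if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
@@ -366,7 +376,7 @@ function check_email_address_exists {
 
     if [[ $ONION_ONLY != 'no' ]]; then
         my_email=$onion_address
-        MY_EMAIL_ADDRESS=$onion_address
+        MY_EMAIL_ADDRESS="${MY_USERNAME}@$onion_address"
         write_config_param "MY_EMAIL_ADDRESS" "$MY_EMAIL_ADDRESS"
     fi
 }
@@ -650,6 +660,14 @@ function email_client {
       echo '# Optional relay of SMTP via ISP';
       echo '#set smtp_url="smtps://username:password@isp_mail_domain:465/"'; } > /etc/Muttrc
 
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        # On onion only systems email is onion router anyway, with its
+        # own encryption system, so we don't need the additional pgp layer
+        # except perhaps for some additional confidence
+        sed -i 's|set pgp_autoencrypt|unset pgp_autoencrypt|g' /etc/Muttrc
+        sed -i 's|set pgp_autosign|unset pgp_autosign|g' /etc/Muttrc
+    fi
+
     # For viewing long URLs
     echo 'REGEXP (((http|https|ftp|gopher)|mailto)[.:][^ >"\t]*|www\.[-a-z0-9.]+)[^ .,;\t>">\):]' > "/home/$MY_USERNAME/.urlview"
     echo 'COMMAND lynx -dump -width=78 -nolist %s' >> "/home/$MY_USERNAME/.urlview"
@@ -1094,7 +1112,8 @@ function spam_filtering {
     # This configuration is based on https://wiki.debian.org/DebianSpamAssassin
     sed -i 's/local_parts = postmaster/local_parts = postmaster:abuse/g' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
     sed -i '/domains = +local_domains : +relay_to_domains/a\    set acl_m0 = rfcnames' /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt
-    sed -i "s/accept/accept condition = \${if eq{\$acl_m0}{rfcnames} {1}{0}}/g" /etc/exim4/conf.d/acl/40_exim4-config_check_data
+    # This prevents .onion domains from being accepted
+    #sed -i "s/accept/accept condition = \${if eq{\$acl_m0}{rfcnames} {1}{0}}/g" /etc/exim4/conf.d/acl/40_exim4-config_check_data
 
     { echo "warn  message = X-Spam-Score: \$spam_score (\$spam_bar)";
       echo '      spam = nobody:true';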
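Review bot: In the spam_filtering hunk, commenting out the `accept condition = ${if eq{$acl_m0}{rfcnames} {1}{0}}` rewrite of 40_exim4-config_check_data removes the rfcnames gate for every sender, not only for .onion domains, which is broader than the new comment `# This prevents .onion domains from being accepted` conveys. If the intent is only to let .onion mail through, the condition could exempt those domains instead of being dropped; otherwise the comment should state the actual effect, e.g. `# Disabled: the rfcnames condition also rejected mail from .onion senders; the check is now off for all senders`. In the email_client hunk, the justification for unsetting pgp_autoencrypt and pgp_autosign describes Tor's hop-to-hop protection, which does not cover messages at rest in either mailbox, so the comment should present this as a usability trade-off rather than equivalent protection. The new `hosts_avoid_tls = *` on the onion_relay transport would also benefit from a one-line comment giving the reason (presumably that the hop is carried inside the SOCKS/Tor connection — confirm).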

+ 36
- 11
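--- a/src/freedombone-controlpanel-user
+++ b/src/freedombone-controlpanel-user
@@ -852,22 +852,44 @@ function menu_run_client_app {
 function show_your_email_address {
     GPG_FINGERPRINT=$(gpg --fingerprint "$GPG_ID" | sed -n '2p' | sed 's/^[ \t]*//')
     GPG_DATE=$(gpg --fingerprint "$GPG_ID" | grep -i "pub" | head -n 1 | awk -F ' ' '{print $3}')
-    if [ ! -f ~/.mutt/bdsmail ]; then
-        dialog --title $"Show your Email Address" \
-               --backtitle $"Freedombone User Control Panel" \
-               --msgbox $"Email Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE" 12 70
-    else
+    onion_domain=
+    if [ -f "$HOME/.email_onion_domain" ]; then
+        onion_domain=$(cat "$HOME/.email_onion_domain")
+    fi
+    dialog_height=14
+    onionemailstr=
+    if [[ "$HOSTNAME" != *'.onion' && "$onion_domain" ]]; then
+        onionemailstr="\\n\\nOnion Email: ${USER}@${onion_domain}"
+        dialog_height=$((dialog_height+3))
+    fi
+    msgstrbase=$"\\nYou can press SHIFT and then drag the mouse and right click to copy.\\n\\nEmail Address: ${MY_EMAIL_ADDRESS}${onionemailstr}\\n\\nKey ID: ${GPG_ID}\\n\\nFingerprint: ${GPG_FINGERPRINT}\\n\\nCreated: ${GPG_DATE}"
+    bdsmail_address=
+    bdsmailstr=
+    if [ -f ~/.mutt/bdsmail ]; then
         bdsmail_address=$(grep 'set from=' ~/.mutt/bdsmail | awk -F '=' '{print $2}')
-        dialog --title $"Show your Email Address" \
-               --backtitle $"Freedombone User Control Panel" \
-               --msgbox $"\\nYou can press SHIFT and then drag the mouse and right click to copy.\\n\\nEmail Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE\\n\\nI2P Address: ${bdsmail_address}" 17 90
+        bdsmailstr="\\n\\nI2P Address: ${bdsmail_address}"
+        dialog_height=$((dialog_height+3))
+    fi
+
+    dialog --title $"Show your Email Address" \
+           --backtitle $"Freedombone User Control Panel" \
+           --msgbox "${msgstrbase}${bdsmailstr}" $dialog_height 100
+
+    if [ "$onion_domain" ]; then
         clear
         echo ''
-        echo $'Your bdsmail address as a QR code'
+        echo $'Your onion email address:'
         echo ''
-        echo -n "${bdsmail_address}" | qrencode -t UTF8
+        echo -n "${USER}@${onion_domain}" | qrencode -t UTF8
         echo ''
-        echo "${bdsmail_address}"
+        any_key
+    fi
+    if [ "${bdsmail_address}" ]; then
+        clear
+        echo ''
+        echo $'Your bdsmail address:'
+        echo ''
+        echo -n "${bdsmail_address}" | qrencode -t UTF8
         echo ''
         any_key
     fi
@@ -912,4 +934,7 @@ menu_top_level
 clear
 # shellcheck disable=SC1090
 . ~/.bashrc
+cat /etc/motd
+echo -e $'Type "sudo su" for root access, or "control" to restart\nthe control panel.'
+echo ''
 exit 0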
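Review bot: `onion_domain=$(cat "$HOME/.email_onion_domain")` in show_your_email_address feeds the file contents straight into the msgbox string and the qrencode input without checking their shape; the file is user-owned (see the chown in freedombone-utils-web), so a corrupted or edited file would be presented as the user's address. A cheap sanity check after the read, `[[ "$onion_domain" == *.onion ]] || onion_domain=`, keeps the display to plausible values. The test `"$HOSTNAME" != *'.onion'` deserves a short comment, since it appears to avoid printing the onion address twice on onion-only systems where MY_EMAIL_ADDRESS already carries it — confirm against check_email_address_exists. In the last hunk `echo -e $'...\n...'` is redundant: `$'…'` quoting already turns `\n` into a newline, so `-e` can be dropped.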

+ 3
- 2
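--- a/src/freedombone-image-customise
+++ b/src/freedombone-image-customise
@@ -1627,7 +1627,7 @@ EOF
 
     if [[ "$VARIANT" == "usb" ]]; then
         # tor
-        chroot "$rootdir" apt-get -yq install tor
+        chroot "$rootdir" apt-get -yq -t stretch-backports install tor
 
         # xmpp client
         chroot "$rootdir" echo "deb ftp://ftp.gajim.org/debian unstable main" > /etc/apt/sources.list.d/gajim.list
@@ -1760,7 +1760,8 @@ image_setup_utils() {
     chroot "$rootdir" apt-get -yq install vim-common python3 unattended-upgrades
 
     # Tor and ssh over tor
-    chroot "$rootdir" apt-get -yq install tor connect-proxy
+    chroot "$rootdir" apt-get -yq -t stretch-backports install tor
+    chroot "$rootdir" apt-get -yq install connect-proxy
     chroot "$rootdir" connect-proxy
     sed -i 's|#Log notice file.*|Log notice file /dev/null|g' "$rootdir/etc/tor/torrc"
     sed -i 's|Log notice file.*|Log notice file /dev/null|g' "$rootdir/etc/tor/torrc"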
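Review bot: Both hunks switch tor to `apt-get -yq -t stretch-backports install tor` inside the chroot, but nothing in this diff adds the stretch-backports suite to the chroot's apt sources; if that is done elsewhere in the image build, a comment pointing to that step would help, otherwise the install fails and the visible lines carry no failure check. The same install in freedombone-utils-onion is prefixed with `echo 'N' |` while these two are not; whichever form is intended should be used consistently, with the reason stated once.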

+ 1
- 0
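--- a/src/freedombone-upgrade
+++ b/src/freedombone-upgrade
@@ -102,6 +102,7 @@ if [ -d "$PROJECT_DIR" ]; then
         email_install_tls
         email_disable_chunking
         rm /etc/exim4/exim4.conf.template.bak*
+        email_update_onion_domain
         #defrag_filesystem
 
         # reinstall tor from backports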

+ 23
- 0
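--- a/src/freedombone-utils-final
+++ b/src/freedombone-utils-final
@@ -64,6 +64,7 @@ $(get_ssh_server_key)
 
     # add user menu on ssh login
     if ! grep -q 'controluser' "/home/$MY_USERNAME/.bashrc"; then
+        echo 'export PS1="\W \$"' >> "/home/$MY_USERNAME/.bashrc"
         echo 'controluser' >> "/home/$MY_USERNAME/.bashrc"
     fi
     if [ ! -f "$IMAGE_PASSWORD_FILE" ]; then
@@ -124,6 +125,25 @@ function create_default_user_removal_daemon {
     systemctl enable firststart
 }
 
+function final_set_onion_hostname {
+    if [[ "$ONION_ONLY" == 'no' ]]; then
+        return
+    fi
+
+    if [ ! -f /var/lib/tor/hidden_service_email/hostname ]; then
+        echo $'No onion domain for email was found'
+        exit 368365
+    fi
+    onion_domain=$(cat /var/lib/tor/hidden_service_email/hostname)
+
+    echo "$onion_domain" > /etc/hostname
+    hostname "$onion_domain"
+
+    echo "127.0.1.1  $onion_domain" >> /etc/hosts
+
+    echo "$onion_domain" > /etc/mailname
+}
+
 function setup_final {
     function_check update_installed_apps_list
     update_installed_apps_list
@@ -131,6 +151,9 @@ function setup_final {
     function_check create_default_user_removal_daemon
     create_default_user_removal_daemon
 
+    function_check final_set_onion_hostname
+    final_set_onion_hostname
+
     function_check install_tripwire
     install_tripwire
 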
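Review bot: `echo "127.0.1.1  $onion_domain" >> /etc/hosts` in final_set_onion_hostname appends unconditionally, so running setup_final again adds duplicate entries, and any existing 127.0.1.1 line for the previous hostname is left in place; guard it the way the `.bashrc` edit in the first hunk is guarded: `if ! grep -q "127.0.1.1  $onion_domain" /etc/hosts; then` … `fi`. Unlike enable_ssh_via_onion in freedombone-utils-onion, this function has no is_completed check, so idempotency of each write matters. A one-line header such as `# On onion-only systems, make the email hidden service address the system hostname and mailname` would tell a reader why /etc/hostname, /etc/hosts and /etc/mailname are all rewritten here.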

+ 4
- 2
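--- a/src/freedombone-utils-onion
+++ b/src/freedombone-utils-onion
@@ -224,7 +224,8 @@ function enable_ssh_via_onion {
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
         return
     fi
-    apt-get -yq install tor connect-proxy
+    echo 'N' | apt-get -yq -t stretch-backports install tor
+    apt-get -yq install connect-proxy
     if ! grep -q 'Host *.onion' "/home/$MY_USERNAME/.ssh/config"; then
         if [ ! -d "/home/$MY_USERNAME/.ssh" ]; then
             mkdir "/home/$MY_USERNAME/.ssh"
@@ -339,7 +340,8 @@ function route_outgoing_traffic_through_tor {
     if [[ $ROUTE_THROUGH_TOR != "yes" ]]; then
         return
     fi
-    apt-get -yq install tor tor-arm
+    echo 'N' | apt-get -yq -t stretch-backports install tor
+    echo 'N' | apt-get -yq -t stretch-backports install tor-arm
 
     ### set variables
     # Destinations you don't want routed through Tor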
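Review bot: The `echo 'N' |` prefix on the `apt-get -yq -t stretch-backports install tor` lines in enable_ssh_via_onion and route_outgoing_traffic_through_tor is unexplained; if it is meant to answer dpkg's conffile prompt so the existing torrc is kept, `-o Dpkg::Options::=--force-confold` states that intent directly and does not depend on the prompt reading stdin under `-yq`. At minimum the first occurrence should carry a comment such as `# keep the existing torrc if the backports package asks about conffiles`. The second hunk also pipes 'N' into the tor-arm install, where there appears to be no local config to preserve — confirm whether that is intended.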

+ 14
- 0
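--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@@ -1006,6 +1006,20 @@ function email_disable_chunking {
     systemctl restart exim4
 }
 
+function email_update_onion_domain {
+    email_hostname='/var/lib/tor/hidden_service_email/hostname'
+
+    cp $email_hostname /etc/skel/.email_onion_domain
+
+    for d in /home/*/ ; do
+        USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
+        if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
+            cp $email_hostname "/home/$USERNAME/.email_onion_domain"
+            chown "$USERNAME":"$USERNAME" "/home/$USERNAME/.email_onion_domain"
+        fi
+    done
+}
+
 function email_install_tls {
     tls_config_file=/etc/exim4/conf.d/main/03_exim4-config_tlsoptions
     tls_auth_config_file=/etc/exim4/conf.d/auth/30_exim4-config_examples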
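Review bot: email_update_onion_domain copies `$email_hostname` without checking that the file exists, and freedombone-upgrade calls it unconditionally, so on a system without the email hidden service every upgrade prints cp errors; add `[ -f "$email_hostname" ] || return` before the first cp. The source path is unquoted in both cp calls while the destination is quoted; `"$email_hostname"` keeps the style consistent with the rest of the function. `USERNAME=$(echo "$d" | awk -F '/' '{print $3}')` can be done without a pipeline, e.g. `USERNAME=$(basename "$d")`, and declaring `d`, `USERNAME` and `email_hostname` with `local` would keep them out of the caller's scope.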