Install monkeysphere

src/freedombone

@@ -5338,6 +5338,15 @@ function configure_backup_key {
     echo 'configure_backup_key' >> $COMPLETION_FILE
 }
 
+function install_monkeysphere {
+    if grep -Fxq "install_monkeysphere" $COMPLETION_FILE; then
+        return
+    fi
+    apt-get -y install monkeysphere msva-perl
+
+    echo 'install_monkeysphere' >> $COMPLETION_FILE
+}
+
 function encrypt_incoming_email {
     # encrypts incoming mail using your GPG public key
     # so even if an attacker gains access to the data at rest they still need
@@ -10663,6 +10672,7 @@ configure_imap
 #configure_imap_client_certs
 configure_gpg
 configure_backup_key
+install_monkeysphere
 encrypt_incoming_email
 encrypt_outgoing_email
 email_client

src/freedombone-image-customise

@@ -87,55 +87,55 @@ WIFI_HOTSPOT='no'
 WIFI_NETWORKS_FILE=~/${PROJECT_NAME}-wifi.cfg
 
 enable_eatmydata_override() {
-	chroot $rootdir apt-get install --no-install-recommends -y eatmydata
-	if [ -x $rootdir/usr/bin/eatmydata ] && \
-		   [ ! -f $rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata ]; then
-		echo $"info: Adding apt config to call dpkg via eatmydata"
-		printf "#!/bin/sh\nexec eatmydata dpkg \"\$@\"\n" \
-			   > $rootdir/var/tmp/dpkg-eatmydata
-		chmod 755 $rootdir/var/tmp/dpkg-eatmydata
-		cat > $rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata <<EOF
-			Dir::Bin::dpkg "/var/tmp/dpkg-eatmydata";
-			EOF
-	else
-		echo $"error: unable to find /usr/bin/eatmydata after installing the eatmydata package"
-	fi
+    chroot $rootdir apt-get install --no-install-recommends -y eatmydata
+    if [ -x $rootdir/usr/bin/eatmydata ] && \
+           [ ! -f $rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata ]; then
+        echo $"info: Adding apt config to call dpkg via eatmydata"
+        printf "#!/bin/sh\nexec eatmydata dpkg \"\$@\"\n" \
+               > $rootdir/var/tmp/dpkg-eatmydata
+        chmod 755 $rootdir/var/tmp/dpkg-eatmydata
+        cat > $rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata <<EOF
+            Dir::Bin::dpkg "/var/tmp/dpkg-eatmydata";
+            EOF
+    else
+        echo $"error: unable to find /usr/bin/eatmydata after installing the eatmydata package"
+    fi
 }
 
 disable_eatmydata_override() {
-	for override in \
-		/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata \
-			/var/tmp/dpkg-eatmydata ; do
-		echo $"info: Removing apt config to call dpkg via eatmydata"
-		if [ -f $rootdir$override ] ; then
-			rm -f $rootdir$override
-		else
-			echo $"warning: missing $rootdir$override"
-		fi
-	done
-	sync # Flush file buffers before continuing
+    for override in \
+        /etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata \
+            /var/tmp/dpkg-eatmydata ; do
+        echo $"info: Removing apt config to call dpkg via eatmydata"
+        if [ -f $rootdir$override ] ; then
+            rm -f $rootdir$override
+        else
+            echo $"warning: missing $rootdir$override"
+        fi
+    done
+    sync # Flush file buffers before continuing
 }
 
 set_apt_sources() {
-	NEW_MIRROR="$1"
-	COMPONENTS="main"
+    NEW_MIRROR="$1"
+    COMPONENTS="main"
 
-	cat <<EOF > etc/apt/sources.list
-		deb $NEW_MIRROR $SUITE $COMPONENTS
-		deb-src $NEW_MIRROR $SUITE $COMPONENTS
+    cat <<EOF > etc/apt/sources.list
+        deb $NEW_MIRROR $SUITE $COMPONENTS
+        deb-src $NEW_MIRROR $SUITE $COMPONENTS
 
-		#deb http://security.debian.org/ $SUITE/updates main
-		#deb-src http://security.debian.org/ $SUITE/updates main
-		EOF
+        #deb http://security.debian.org/ $SUITE/updates main
+        #deb-src http://security.debian.org/ $SUITE/updates main
+        EOF
 }
 
 configure_networking() {
-	if [[ $DEBIAN_INSTALL_ONLY != "no" ]]; then
-		return
-	fi
+    if [[ $DEBIAN_INSTALL_ONLY != "no" ]]; then
+        return
+    fi
     
-	if [[ $GENERIC_IMAGE == "no" ]]; then
-		echo "# This file describes the network interfaces available on your system
+    if [[ $GENERIC_IMAGE == "no" ]]; then
+        echo "# This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).
 
 # The loopback network interface
@@ -149,43 +149,43 @@ iface eth0 inet static
     netmask 255.255.255.0
     gateway $ROUTER_IP_ADDRESS
     dns-nameservers $NAMESERVER1 $NAMESERVER2
-		# Example to keep MAC address between reboots
-		#hwaddress ether B5:A2:BE:3F:1A:FE
-
-		# The secondary network interface
-		#auto eth1
-		#iface eth1 inet dhcp
-
-		# WiFi Example
-		#auto wlan0
-		#iface wlan0 inet dhcp
-		#    wpa-ssid \"essid\"
-		#    wpa-psk  \"password\"
-
-		# Ethernet/RNDIS gadget (g_ether)
-		# ... or on host side, usbnet and random hwaddr
-		# Note on some boards, usb0 is automaticly setup with an init script
-		#iface usb0 inet static
-		#    address 192.168.7.2
-		#    netmask 255.255.255.0
-		#    network 192.168.7.0
-		#    gateway 192.168.7.1" > $rootdir/etc/network/interfaces
-
-		hexarray=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )
-		a=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
-		b=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
-		c=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
-		d=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
-		e=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
-		sed -i "s|#hwaddress ether.*|hwaddress ether de:$a:$b:$c:$d:$e|g" \
-			$rootdir/etc/network/interfaces
-	fi
-
-	sed -i "s/nameserver.*/nameserver $NAMESERVER1/g" $rootdir/etc/resolv.conf
-	sed -i "/nameserver $NAMESERVER1/a\nameserver $NAMESERVER2" $rootdir/etc/resolv.conf
-
-	# change the motd to show further install instructions
-	echo $"
+        # Example to keep MAC address between reboots
+        #hwaddress ether B5:A2:BE:3F:1A:FE
+
+        # The secondary network interface
+        #auto eth1
+        #iface eth1 inet dhcp
+
+        # WiFi Example
+        #auto wlan0
+        #iface wlan0 inet dhcp
+        #    wpa-ssid \"essid\"
+        #    wpa-psk  \"password\"
+
+        # Ethernet/RNDIS gadget (g_ether)
+        # ... or on host side, usbnet and random hwaddr
+        # Note on some boards, usb0 is automaticly setup with an init script
+        #iface usb0 inet static
+        #    address 192.168.7.2
+        #    netmask 255.255.255.0
+        #    network 192.168.7.0
+        #    gateway 192.168.7.1" > $rootdir/etc/network/interfaces
+
+        hexarray=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )
+        a=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
+        b=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
+        c=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
+        d=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
+        e=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
+        sed -i "s|#hwaddress ether.*|hwaddress ether de:$a:$b:$c:$d:$e|g" \
+            $rootdir/etc/network/interfaces
+    fi
+
+    sed -i "s/nameserver.*/nameserver $NAMESERVER1/g" $rootdir/etc/resolv.conf
+    sed -i "/nameserver $NAMESERVER1/a\nameserver $NAMESERVER2" $rootdir/etc/resolv.conf
+
+    # change the motd to show further install instructions
+    echo $"
  .---.                  .              .
  |                      |              |
  |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
@@ -204,57 +204,57 @@ following commands, then enter your details.
 }
 
 configure_ssh() {
-	sed -i "s/Port .*/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config
-
-	if [[ "$SSH_PUBKEY" != "no" ]]; then
-		if [ ! -d $rootdir/home/$MY_USERNAME/.ssh ]; then
-			mkdir $rootdir/home/$MY_USERNAME/.ssh
-		fi
-		echo "$SSH_PUBKEY" > $rootdir/home/$MY_USERNAME/.ssh/authorized_keys
-		chroot $rootdir chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
-		sed -i 's|PasswordAuthentication.*|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config
-		echo $"Using ssh public key:"
-		echo $SSH_PUBKEY
-		echo $'Password ssh authentication turned off'
-	fi
+    sed -i "s/Port .*/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config
+
+    if [[ "$SSH_PUBKEY" != "no" ]]; then
+        if [ ! -d $rootdir/home/$MY_USERNAME/.ssh ]; then
+            mkdir $rootdir/home/$MY_USERNAME/.ssh
+        fi
+        echo "$SSH_PUBKEY" > $rootdir/home/$MY_USERNAME/.ssh/authorized_keys
+        chroot $rootdir chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh
+        sed -i 's|PasswordAuthentication.*|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config
+        echo $"Using ssh public key:"
+        echo $SSH_PUBKEY
+        echo $'Password ssh authentication turned off'
+    fi
 }
 
 admin_user_sudo() {
-	echo "$MY_USERNAME  ALL=(ALL) ALL" >> $rootdir/etc/sudoers
+    echo "$MY_USERNAME  ALL=(ALL) ALL" >> $rootdir/etc/sudoers
 }
 
 create_generic_image() {
-	if [[ $DEBIAN_INSTALL_ONLY != "no" ]]; then
-		return
-	fi  
-	if [[ $GENERIC_IMAGE == "no" ]]; then
-		return
-	fi
-	VARIANT="full"
-	if [ $CONFIG_FILENAME ]; then
-		if [[ "$CONFIG_FILENAME" == *"mesh.cfg"* ]]; then
-			VARIANT="mesh"
-		fi
-	fi
-
-	# Don't install any configuration. This will be a base system
-	if [[ $VARIANT != "mesh" ]]; then
-		CONFIG_FILENAME=
-	else
-		touch $rootdir/root/.initial_mesh_setup
-	fi
-
-	# The presence of this file indicates that the initial
-	# setup has not yet been completed
-	touch $rootdir/home/$MY_USERNAME/.initial_setup
-	chroot $rootdir chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.initial_setup
-	touch $rootdir/root/.initial_setup
-
-	cat >> $rootdir/home/$MY_USERNAME/.bashrc <<EOF
-		# initial setup of the system
-		if [ -f ~/.initial_setup ]; then
-			clear
-			echo "
+    if [[ $DEBIAN_INSTALL_ONLY != "no" ]]; then
+        return
+    fi  
+    if [[ $GENERIC_IMAGE == "no" ]]; then
+        return
+    fi
+    VARIANT="full"
+    if [ $CONFIG_FILENAME ]; then
+        if [[ "$CONFIG_FILENAME" == *"mesh.cfg"* ]]; then
+            VARIANT="mesh"
+        fi
+    fi
+
+    # Don't install any configuration. This will be a base system
+    if [[ $VARIANT != "mesh" ]]; then
+        CONFIG_FILENAME=
+    else
+        touch $rootdir/root/.initial_mesh_setup
+    fi
+
+    # The presence of this file indicates that the initial
+    # setup has not yet been completed
+    touch $rootdir/home/$MY_USERNAME/.initial_setup
+    chroot $rootdir chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.initial_setup
+    touch $rootdir/root/.initial_setup
+
+    cat >> $rootdir/home/$MY_USERNAME/.bashrc <<EOF
+        # initial setup of the system
+        if [ -f ~/.initial_setup ]; then
+            clear
+            echo "
  .---.                  .              .
  |                      |              |
  |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
@@ -265,189 +265,189 @@ create_generic_image() {
 
           Please enter your password a second time.
 "
-			sudo su
-		fi
-		EOF
-
-	echo '# initial setup of the system' >> $rootdir/root/.bashrc
-	echo 'if [ -f ~/.initial_setup ]; then' >> $rootdir/root/.bashrc
-	echo '    if [ -f ~/login.txt ]; then' >> $rootdir/root/.bashrc
-	echo '        NEW_USER_PASSWORD=$(printf `cat ~/login.txt`)' >> $rootdir/root/.bashrc
-	echo '    else' >> $rootdir/root/.bashrc
-	echo '        ENTROPY=$(cat /proc/sys/kernel/random/entropy_avail)' >> $rootdir/root/.bashrc
-	echo '        if [ $ENTROPY -lt 500 ]; then' >> $rootdir/root/.bashrc
-	ENTROPY_MESSAGE1=$'Initial setup process'
-	ENTROPY_MESSAGE2=$'Password Generation'
-	ENTROPY_MESSAGE3=$'WARNING: The entropy available on this system is too low to generate a password.\n\nThe installation process cannot continue.'
-	echo "            dialog --backtitle \"${ENTROPY_MESSAGE1}\" --title \"${ENTROPY_MESSAGE2}\" --msgbox \"${ENTROPY_MESSAGE3}\" 8 50" >> $rootdir/root/.bashrc
-	echo '            exit' >> $rootdir/root/.bashrc
-	echo '        fi' >> $rootdir/root/.bashrc
-	echo '        NEW_USER_PASSWORD="$(openssl rand -base64 12 | cut -c1-10)"' >> $rootdir/root/.bashrc
-	echo '    fi' >> $rootdir/root/.bashrc
-	echo '    echo "${NEW_USER_PASSWORD}" > ~/login.txt' >> $rootdir/root/.bashrc
-
-	echo '    clear' >> $rootdir/root/.bashrc
-	echo '    echo ""' >> $rootdir/root/.bashrc
-	NEW_LOGIN_PASSWORD_MESSAGE1=$'Your new login password is:'
-	NEW_LOGIN_PASSWORD_MESSAGE2=$'Use it whenever you wish to ssh into this system.'
-	NEW_LOGIN_PASSWORD_MESSAGE3=$'IMPORTANT: Please take a moment to enter the above password into a\npassword manager or write it down somewhere.'
-	PRESS_KEY_MESSAGE=$'Press any key to continue...'
-	echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE1}\"" >> $rootdir/root/.bashrc
-	echo '    echo ""' >> $rootdir/root/.bashrc
-	echo '    toilet "${NEW_USER_PASSWORD}"' >> $rootdir/root/.bashrc
-	echo '    echo ""' >> $rootdir/root/.bashrc
-	echo '    echo "                          ${NEW_USER_PASSWORD}"' >> $rootdir/root/.bashrc
-	echo '    echo ""' >> $rootdir/root/.bashrc
-	echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE2}\"" >> $rootdir/root/.bashrc
-	echo '    echo ""' >> $rootdir/root/.bashrc
-	echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE3}\"" >> $rootdir/root/.bashrc
-	echo '    echo ""' >> $rootdir/root/.bashrc
-	echo "    read -n1 -r -p \"${PRESS_KEY_MESSAGE}\" key" >> $rootdir/root/.bashrc
-
-	# change the password for the admin user
-	echo -n "    echo \"${MY_USERNAME}:" >> $rootdir/root/.bashrc
-	echo '$(printf `cat ~/login.txt`)"|chpasswd' >> $rootdir/root/.bashrc
-
-	# update before continuing
-	echo "    cd /root/${PROJECT_NAME}" >> $rootdir/root/.bashrc
-	echo "    git stash" >> $rootdir/root/.bashrc
-	echo "    git pull" >> $rootdir/root/.bashrc
-	echo "    make install" >> $rootdir/root/.bashrc
-
-	if [[ $VARIANT != "mesh" ]]; then
-		if [[ $ONION_ONLY == "no" ]]; then
-			if [[ $MINIMAL_INSTALL == "no" ]]; then
-				echo "    ${PROJECT_NAME} menuconfig-full" >> $rootdir/root/.bashrc
-			else
-				echo "    ${PROJECT_NAME} menuconfig" >> $rootdir/root/.bashrc
-			fi
-		else
-			echo "    ${PROJECT_NAME} menuconfig-onion" >> $rootdir/root/.bashrc
-		fi
-	else
-		echo "    echo ''" >> $rootdir/root/.bashrc
-	fi
-	echo '    if [ "$?" = "0" ]; then' >> $rootdir/root/.bashrc
-	echo "        if [ -f ~/${PROJECT_NAME}-completed.txt ]; then" >> $rootdir/root/.bashrc
-	# Remove the initial setup files
-	echo '            rm /root/.initial_setup' >> $rootdir/root/.bashrc
-	echo "            rm /home/${MY_USERNAME}/.initial_setup" >> $rootdir/root/.bashrc
-	echo "            touch /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
-	echo '            shred -zu ~/login.txt' >> $rootdir/root/.bashrc
-	END_MESSAGE1=$'Congratulations!'
-	if [[ $VARIANT != "mesh" ]]; then
-		END_MESSAGE2=$'\nYour system has now installed\n\nThe onion ssh service is at $SSH_ONION_HOSTNAME\n\nPress any key to reboot and begin using it'
-		echo '            SSH_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_ssh/hostname)' >> $rootdir/root/.bashrc
-	else
-		END_MESSAGE2=$'\nYour system has now installed\n\nPress any key to reboot and begin using it'
-	fi
-	echo "            dialog --title '$END_MESSAGE1' --msgbox \"$END_MESSAGE2\" 9 50" >> $rootdir/root/.bashrc
-	echo '            reboot' >> $rootdir/root/.bashrc
-	echo '        fi' >> $rootdir/root/.bashrc
-	echo '    else' >> $rootdir/root/.bashrc
-	echo '        key=' >> $rootdir/root/.bashrc
-	echo '        while [[ $key != "x" ]]; do' >> $rootdir/root/.bashrc
-	INSTALL_FAIL_MESSAGE=$"Install failed. Press x to continue..."
-	echo "            read -n1 -r -p \"${INSTALL_FAIL_MESSAGE}\" key" >> $rootdir/root/.bashrc
-	echo '        done' >> $rootdir/root/.bashrc
-	echo '    fi' >> $rootdir/root/.bashrc
-	echo '    exit' >> $rootdir/root/.bashrc
-	echo 'else' >> $rootdir/root/.bashrc
-	echo '    # Remove default account after install' >> $rootdir/root/.bashrc
-	echo "    if [ -f /root/.remove_${GENERIC_IMAGE_USERNAME} ]; then" >> $rootdir/root/.bashrc
-	echo "        if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then" >> $rootdir/root/.bashrc
-	echo "           userdel -r ${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
-	echo "           if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then" >> $rootdir/root/.bashrc
-	echo "               rm -rf /home/${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
-	echo "               rm /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
-	echo '           fi' >> $rootdir/root/.bashrc
-	echo '        fi' >> $rootdir/root/.bashrc
-	echo '    fi' >> $rootdir/root/.bashrc
-	echo 'fi' >> $rootdir/root/.bashrc
+            sudo su
+        fi
+        EOF
+
+    echo '# initial setup of the system' >> $rootdir/root/.bashrc
+    echo 'if [ -f ~/.initial_setup ]; then' >> $rootdir/root/.bashrc
+    echo '    if [ -f ~/login.txt ]; then' >> $rootdir/root/.bashrc
+    echo '        NEW_USER_PASSWORD=$(printf `cat ~/login.txt`)' >> $rootdir/root/.bashrc
+    echo '    else' >> $rootdir/root/.bashrc
+    echo '        ENTROPY=$(cat /proc/sys/kernel/random/entropy_avail)' >> $rootdir/root/.bashrc
+    echo '        if [ $ENTROPY -lt 500 ]; then' >> $rootdir/root/.bashrc
+    ENTROPY_MESSAGE1=$'Initial setup process'
+    ENTROPY_MESSAGE2=$'Password Generation'
+    ENTROPY_MESSAGE3=$'WARNING: The entropy available on this system is too low to generate a password.\n\nThe installation process cannot continue.'
+    echo "            dialog --backtitle \"${ENTROPY_MESSAGE1}\" --title \"${ENTROPY_MESSAGE2}\" --msgbox \"${ENTROPY_MESSAGE3}\" 8 50" >> $rootdir/root/.bashrc
+    echo '            exit' >> $rootdir/root/.bashrc
+    echo '        fi' >> $rootdir/root/.bashrc
+    echo '        NEW_USER_PASSWORD="$(openssl rand -base64 12 | cut -c1-10)"' >> $rootdir/root/.bashrc
+    echo '    fi' >> $rootdir/root/.bashrc
+    echo '    echo "${NEW_USER_PASSWORD}" > ~/login.txt' >> $rootdir/root/.bashrc
+
+    echo '    clear' >> $rootdir/root/.bashrc
+    echo '    echo ""' >> $rootdir/root/.bashrc
+    NEW_LOGIN_PASSWORD_MESSAGE1=$'Your new login password is:'
+    NEW_LOGIN_PASSWORD_MESSAGE2=$'Use it whenever you wish to ssh into this system.'
+    NEW_LOGIN_PASSWORD_MESSAGE3=$'IMPORTANT: Please take a moment to enter the above password into a\npassword manager or write it down somewhere.'
+    PRESS_KEY_MESSAGE=$'Press any key to continue...'
+    echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE1}\"" >> $rootdir/root/.bashrc
+    echo '    echo ""' >> $rootdir/root/.bashrc
+    echo '    toilet "${NEW_USER_PASSWORD}"' >> $rootdir/root/.bashrc
+    echo '    echo ""' >> $rootdir/root/.bashrc
+    echo '    echo "                          ${NEW_USER_PASSWORD}"' >> $rootdir/root/.bashrc
+    echo '    echo ""' >> $rootdir/root/.bashrc
+    echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE2}\"" >> $rootdir/root/.bashrc
+    echo '    echo ""' >> $rootdir/root/.bashrc
+    echo "    echo \"${NEW_LOGIN_PASSWORD_MESSAGE3}\"" >> $rootdir/root/.bashrc
+    echo '    echo ""' >> $rootdir/root/.bashrc
+    echo "    read -n1 -r -p \"${PRESS_KEY_MESSAGE}\" key" >> $rootdir/root/.bashrc
+
+    # change the password for the admin user
+    echo -n "    echo \"${MY_USERNAME}:" >> $rootdir/root/.bashrc
+    echo '$(printf `cat ~/login.txt`)"|chpasswd' >> $rootdir/root/.bashrc
+
+    # update before continuing
+    echo "    cd /root/${PROJECT_NAME}" >> $rootdir/root/.bashrc
+    echo "    git stash" >> $rootdir/root/.bashrc
+    echo "    git pull" >> $rootdir/root/.bashrc
+    echo "    make install" >> $rootdir/root/.bashrc
+
+    if [[ $VARIANT != "mesh" ]]; then
+        if [[ $ONION_ONLY == "no" ]]; then
+            if [[ $MINIMAL_INSTALL == "no" ]]; then
+                echo "    ${PROJECT_NAME} menuconfig-full" >> $rootdir/root/.bashrc
+            else
+                echo "    ${PROJECT_NAME} menuconfig" >> $rootdir/root/.bashrc
+            fi
+        else
+            echo "    ${PROJECT_NAME} menuconfig-onion" >> $rootdir/root/.bashrc
+        fi
+    else
+        echo "    echo ''" >> $rootdir/root/.bashrc
+    fi
+    echo '    if [ "$?" = "0" ]; then' >> $rootdir/root/.bashrc
+    echo "        if [ -f ~/${PROJECT_NAME}-completed.txt ]; then" >> $rootdir/root/.bashrc
+    # Remove the initial setup files
+    echo '            rm /root/.initial_setup' >> $rootdir/root/.bashrc
+    echo "            rm /home/${MY_USERNAME}/.initial_setup" >> $rootdir/root/.bashrc
+    echo "            touch /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
+    echo '            shred -zu ~/login.txt' >> $rootdir/root/.bashrc
+    END_MESSAGE1=$'Congratulations!'
+    if [[ $VARIANT != "mesh" ]]; then
+        END_MESSAGE2=$'\nYour system has now installed\n\nThe onion ssh service is at $SSH_ONION_HOSTNAME\n\nPress any key to reboot and begin using it'
+        echo '            SSH_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_ssh/hostname)' >> $rootdir/root/.bashrc
+    else
+        END_MESSAGE2=$'\nYour system has now installed\n\nPress any key to reboot and begin using it'
+    fi
+    echo "            dialog --title '$END_MESSAGE1' --msgbox \"$END_MESSAGE2\" 9 50" >> $rootdir/root/.bashrc
+    echo '            reboot' >> $rootdir/root/.bashrc
+    echo '        fi' >> $rootdir/root/.bashrc
+    echo '    else' >> $rootdir/root/.bashrc
+    echo '        key=' >> $rootdir/root/.bashrc
+    echo '        while [[ $key != "x" ]]; do' >> $rootdir/root/.bashrc
+    INSTALL_FAIL_MESSAGE=$"Install failed. Press x to continue..."
+    echo "            read -n1 -r -p \"${INSTALL_FAIL_MESSAGE}\" key" >> $rootdir/root/.bashrc
+    echo '        done' >> $rootdir/root/.bashrc
+    echo '    fi' >> $rootdir/root/.bashrc
+    echo '    exit' >> $rootdir/root/.bashrc
+    echo 'else' >> $rootdir/root/.bashrc
+    echo '    # Remove default account after install' >> $rootdir/root/.bashrc
+    echo "    if [ -f /root/.remove_${GENERIC_IMAGE_USERNAME} ]; then" >> $rootdir/root/.bashrc
+    echo "        if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then" >> $rootdir/root/.bashrc
+    echo "           userdel -r ${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
+    echo "           if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then" >> $rootdir/root/.bashrc
+    echo "               rm -rf /home/${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
+    echo "               rm /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
+    echo '           fi' >> $rootdir/root/.bashrc
+    echo '        fi' >> $rootdir/root/.bashrc
+    echo '    fi' >> $rootdir/root/.bashrc
+    echo 'fi' >> $rootdir/root/.bashrc
 }
 
 continue_installation() {
-	# If a configuration file exists then run with it
-	# otherwise the interactive installer can be used
-	# This is equivalent to installing freedombox-setup on freedombox
-	if [ $CONFIG_FILENAME ]; then
-		if [ ${#CONFIG_FILENAME} -gt 2 ]; then
-			cp $CONFIG_FILENAME $rootdir/root/$PROJECT_NAME.cfg
-			cat $rootdir/root/$PROJECT_NAME.cfg
-			chroot "$rootdir" su -c "$PROJECT_NAME -c /root/$PROJECT_NAME.cfg" - root
-		fi
-	fi
+    # If a configuration file exists then run with it
+    # otherwise the interactive installer can be used
+    # This is equivalent to installing freedombox-setup on freedombox
+    if [ $CONFIG_FILENAME ]; then
+        if [ ${#CONFIG_FILENAME} -gt 2 ]; then
+            cp $CONFIG_FILENAME $rootdir/root/$PROJECT_NAME.cfg
+            cat $rootdir/root/$PROJECT_NAME.cfg
+            chroot "$rootdir" su -c "$PROJECT_NAME -c /root/$PROJECT_NAME.cfg" - root
+        fi
+    fi
 }
 
 atheros_wifi() {
-	firmware_filename="open-ath9k-htc-firmware_1.3-1_all.deb"
-	firmware_hash='5fea58ffefdf0ef15b504db7fbe3bc078c03e0d927bba64085e4b6f2546102f5'
-
-	firmware_url="http://us.archive.trisquel.info/trisquel/pool/main/o/open-ath9k-htc-firmware/$firmware_filename"
-	firmware_tempfile="/tmp/$firmware_filename"
-	wget "$firmware_url" -O "$rootdir$firmware_tempfile"
-	downloaded_firmware_hash=$(sha256sum "$rootdir$firmware_tempfile" | awk -F ' ' '{print $1}')
-	if [[ "$downloaded_firmware_hash" == "$firmware_hash" ]]; then
-		chroot "$rootdir" dpkg -i "$firmware_tempfile"
-	else
-		echo 'WARNING: Atheros Wifi firmware hash does not match. The driver has not been installed.'
-	fi
+    firmware_filename="open-ath9k-htc-firmware_1.3-1_all.deb"
+    firmware_hash='5fea58ffefdf0ef15b504db7fbe3bc078c03e0d927bba64085e4b6f2546102f5'
+
+    firmware_url="http://us.archive.trisquel.info/trisquel/pool/main/o/open-ath9k-htc-firmware/$firmware_filename"
+    firmware_tempfile="/tmp/$firmware_filename"
+    wget "$firmware_url" -O "$rootdir$firmware_tempfile"
+    downloaded_firmware_hash=$(sha256sum "$rootdir$firmware_tempfile" | awk -F ' ' '{print $1}')
+    if [[ "$downloaded_firmware_hash" == "$firmware_hash" ]]; then
+        chroot "$rootdir" dpkg -i "$firmware_tempfile"
+    else
+        echo 'WARNING: Atheros Wifi firmware hash does not match. The driver has not been installed.'
+    fi
 }
 
 
 initialise_mesh() {
-	if [[ $VARIANT != "mesh" || $DEBIAN_INSTALL_ONLY != "no" ]]; then
-		return
-	fi
-	freedombone-mesh-install -f firewall -r "${rootdir}"
-	freedombone-mesh-install -f avahi -r "${rootdir}"
-	freedombone-mesh-install -f batman -r "${rootdir}"
-	freedombone-mesh-install -f tox_node -r "${rootdir}"
-	freedombone-mesh-install -f tox_client -r "${rootdir}"
-	freedombone-mesh-install -f zeronet -r "${rootdir}"
-
-	MESH_SERVICE='mesh-setup.service'
-	MESH_SETUP_DAEMON=$rootdir/etc/systemd/system/$MESH_SERVICE
-
-	echo '[Unit]' > $MESH_SETUP_DAEMON
-	echo 'Description=Initial mesh router configuration' >> $MESH_SETUP_DAEMON
-	echo 'After=syslog.target' >> $MESH_SETUP_DAEMON
-	echo 'After=network.target' >> $MESH_SETUP_DAEMON
-	echo '[Service]' >> $MESH_SETUP_DAEMON
-	echo 'Type=simple' >> $MESH_SETUP_DAEMON
-	echo 'User=root' >> $MESH_SETUP_DAEMON
-	echo 'Group=root' >> $MESH_SETUP_DAEMON
-	echo 'WorkingDirectory=/root' >> $MESH_SETUP_DAEMON
-	echo "ExecStart=/usr/local/bin/${PROJECT_NAME}-image-mesh > /var/log/mesh-setup.log" >> $MESH_SETUP_DAEMON
-	echo '' >> $MESH_SETUP_DAEMON
-	echo 'TimeoutSec=99999' >> $MESH_SETUP_DAEMON
-	echo '' >> $MESH_SETUP_DAEMON
-	echo '[Install]' >> $MESH_SETUP_DAEMON
-	echo 'WantedBy=multi-user.target' >> $MESH_SETUP_DAEMON
-	chroot "$rootdir" systemctl enable $MESH_SERVICE
+    if [[ $VARIANT != "mesh" || $DEBIAN_INSTALL_ONLY != "no" ]]; then
+        return
+    fi
+    freedombone-mesh-install -f firewall -r "${rootdir}"
+    freedombone-mesh-install -f avahi -r "${rootdir}"
+    freedombone-mesh-install -f batman -r "${rootdir}"
+    freedombone-mesh-install -f tox_node -r "${rootdir}"
+    freedombone-mesh-install -f tox_client -r "${rootdir}"
+    freedombone-mesh-install -f zeronet -r "${rootdir}"
+
+    MESH_SERVICE='mesh-setup.service'
+    MESH_SETUP_DAEMON=$rootdir/etc/systemd/system/$MESH_SERVICE
+
+    echo '[Unit]' > $MESH_SETUP_DAEMON
+    echo 'Description=Initial mesh router configuration' >> $MESH_SETUP_DAEMON
+    echo 'After=syslog.target' >> $MESH_SETUP_DAEMON
+    echo 'After=network.target' >> $MESH_SETUP_DAEMON
+    echo '[Service]' >> $MESH_SETUP_DAEMON
+    echo 'Type=simple' >> $MESH_SETUP_DAEMON
+    echo 'User=root' >> $MESH_SETUP_DAEMON
+    echo 'Group=root' >> $MESH_SETUP_DAEMON
+    echo 'WorkingDirectory=/root' >> $MESH_SETUP_DAEMON
+    echo "ExecStart=/usr/local/bin/${PROJECT_NAME}-image-mesh > /var/log/mesh-setup.log" >> $MESH_SETUP_DAEMON
+    echo '' >> $MESH_SETUP_DAEMON
+    echo 'TimeoutSec=99999' >> $MESH_SETUP_DAEMON
+    echo '' >> $MESH_SETUP_DAEMON
+    echo '[Install]' >> $MESH_SETUP_DAEMON
+    echo 'WantedBy=multi-user.target' >> $MESH_SETUP_DAEMON
+    chroot "$rootdir" systemctl enable $MESH_SERVICE
 }
 
 configure_wifi() {
-	if [[ $VARIANT == "mesh" ]]; then
-		return
-	fi
-
-	if [ -f $WIFI_NETWORKS_FILE ]; then
-		chroot "$rootdir" ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE --networks $WIFI_NETWORKS_FILE
-		return
-	fi
-	
-	if [[ $WIFI_TYPE != 'none' ]]; then
-		if [ ! $WIFI_PASSPHRASE ]; then
-			return
-		fi
-		if [ ${#WIFI_PASSPHRASE} -lt 2 ]; then
-			return
-		fi  
-		chroot "$rootdir" ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $HOTSPOT
-	else
-		chroot "$rootdir" ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE --hotspot $HOTSPOT
-	fi
+    if [[ $VARIANT == "mesh" ]]; then
+        return
+    fi
+
+    if [ -f $WIFI_NETWORKS_FILE ]; then
+        chroot "$rootdir" ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE --networks $WIFI_NETWORKS_FILE
+        return
+    fi
+    
+    if [[ $WIFI_TYPE != 'none' ]]; then
+        if [ ! $WIFI_PASSPHRASE ]; then
+            return
+        fi
+        if [ ${#WIFI_PASSPHRASE} -lt 2 ]; then
+            return
+        fi  
+        chroot "$rootdir" ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE -p $WIFI_PASSPHRASE --hotspot $HOTSPOT
+    else
+        chroot "$rootdir" ${PROJECT_NAME}-wifi -i $WIFI_INTERFACE -s $WIFI_SSID -t $WIFI_TYPE --hotspot $HOTSPOT
+    fi
 }
 
 # Set to true/false to control if eatmydata is used during build
@@ -475,16 +475,16 @@ echo $username:$password | chroot $rootdir /usr/sbin/chpasswd
 chroot "$rootdir" adduser $username sudo
 
 case "$MACHINE" in
-	virtualbox)
-		# hide irrelevant console keyboard messages.
-		echo "echo \"4 4 1 7\" > /proc/sys/kernel/printk" \
-			 >> /etc/init.d/rc.local
-		;;
-	qemu)
-		# hide irrelevant console keyboard messages.
-		echo "echo \"4 4 1 7\" > /proc/sys/kernel/printk" \
-			 >> /etc/init.d/rc.local
-		;;
+    virtualbox)
+        # hide irrelevant console keyboard messages.
+        echo "echo \"4 4 1 7\" > /proc/sys/kernel/printk" \
+             >> /etc/init.d/rc.local
+        ;;
+    qemu)
+        # hide irrelevant console keyboard messages.
+        echo "echo \"4 4 1 7\" > /proc/sys/kernel/printk" \
+             >> /etc/init.d/rc.local
+        ;;
 esac
 
 set_apt_sources $BUILD_MIRROR
@@ -494,19 +494,19 @@ chroot "$rootdir" apt-get clean
 chroot "$rootdir" apt-get update
 
 cat > $rootdir/usr/sbin/policy-rc.d <<EOF
-	#!/bin/sh
-	exit 101
-	EOF
+    #!/bin/sh
+    exit 101
+    EOF
 chmod a+rx $rootdir/usr/sbin/policy-rc.d
 
 if $use_eatmydata ; then
-	enable_eatmydata_override
+    enable_eatmydata_override
 fi
 
 if [ -n "$CUSTOM_SETUP" ]; then
-	cp "$CUSTOM_SETUP" "$rootdir"/tmp
-	chroot "$rootdir" apt-get install -y gdebi-core
-	chroot "$rootdir" gdebi -n /tmp/"$(basename $CUSTOM_SETUP)"
+    cp "$CUSTOM_SETUP" "$rootdir"/tmp
+    chroot "$rootdir" apt-get install -y gdebi-core
+    chroot "$rootdir" gdebi -n /tmp/"$(basename $CUSTOM_SETUP)"
 fi
 
 chroot "$rootdir" apt-get install -y sudo git dialog toilet build-essential openssh-server
@@ -518,45 +518,45 @@ chroot "$rootdir" apt-get install -y locales locales-all debconf wireless-tools
 sed -i "s|#host-name=.*|host-name=${PROJECT_NAME}|g" $rootdir/etc/avahi/avahi-daemon.conf
 
 chroot "$rootdir" /bin/bash -x <<EOF
-	git clone $PROJECT_REPO /root/$PROJECT_NAME
-	cd /root/$PROJECT_NAME
-	make install
-	EOF
+    git clone $PROJECT_REPO /root/$PROJECT_NAME
+    cd /root/$PROJECT_NAME
+    make install
+    EOF
 
 chroot "$rootdir" ${PROJECT_NAME}-image-hardware-setup 2>&1 | \
-	tee $rootdir/var/log/${PROJECT_NAME}-image-hardware-setup.log
+    tee $rootdir/var/log/${PROJECT_NAME}-image-hardware-setup.log
 
 rm $rootdir/usr/sbin/policy-rc.d
 
 # Set up HRNG for systems known to have one
 # Otherwise install haveged
 if [[ "$MACHINE" != "beaglebone" ]]; then
-	chroot $rootdir apt-get -y install haveged
+    chroot $rootdir apt-get -y install haveged
 else
-	chroot $rootdir apt-get -y install rng-tools
-	sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' $rootdir/etc/default/rng-tools
+    chroot $rootdir apt-get -y install rng-tools
+    sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' $rootdir/etc/default/rng-tools
 fi
 
 # copy u-boot to beginning of image
 case "$MACHINE" in
-	beaglebone)
-		dd if=$rootdir/usr/lib/u-boot/am335x_boneblack/MLO of="$image" \
-		   count=1 seek=1 conv=notrunc bs=128k
-		dd if=$rootdir/usr/lib/u-boot/am335x_boneblack/u-boot.img of="$image" \
-		   count=2 seek=1 conv=notrunc bs=384k
-		;;
-	cubieboard2)
-		dd if=$rootdir/usr/lib/u-boot/Cubieboard2/u-boot-sunxi-with-spl.bin of="$image" \
-		   seek=8 conv=notrunc bs=1k
-		;;
-	a20-olinuxino-lime)
-		dd if=$rootdir/usr/lib/u-boot/A20-OLinuXino-Lime/u-boot-sunxi-with-spl.bin \
-		   of="$image" seek=8 conv=notrunc bs=1k
-		;;
+    beaglebone)
+        dd if=$rootdir/usr/lib/u-boot/am335x_boneblack/MLO of="$image" \
+           count=1 seek=1 conv=notrunc bs=128k
+        dd if=$rootdir/usr/lib/u-boot/am335x_boneblack/u-boot.img of="$image" \
+           count=2 seek=1 conv=notrunc bs=384k
+        ;;
+    cubieboard2)
+        dd if=$rootdir/usr/lib/u-boot/Cubieboard2/u-boot-sunxi-with-spl.bin of="$image" \
+           seek=8 conv=notrunc bs=1k
+        ;;
+    a20-olinuxino-lime)
+        dd if=$rootdir/usr/lib/u-boot/A20-OLinuXino-Lime/u-boot-sunxi-with-spl.bin \
+           of="$image" seek=8 conv=notrunc bs=1k
+        ;;
 esac
 
 if $use_eatmydata ; then
-	disable_eatmydata_override
+    disable_eatmydata_override
 fi
 
 set_apt_sources $MIRROR