diff --git a/live_exam_os/.env.example b/live_exam_os/.env.example
index c0e640d87487cb72396bf17ee76e24a421540d74..0cd3d7a9e87782eb072cf08fe18898849fc92db5 100644
--- a/live_exam_os/.env.example
+++ b/live_exam_os/.env.example
@@ -3,7 +3,6 @@ export SQUASHFS="/tmp/squashfs"
export ROOTFS_DIR="/tmp/rootfs"
export ISO_DIR="/tmp/iso"
export BOOT_FOLDER="$ISO_DIR/boot"
-export LUKS_IMG="squash.rootfs.luks"
# Nexus build configuration
export SERVER="127.0.0.1:1077"
@@ -14,7 +13,9 @@ export EXAM_PWD="password"
# Build parameters
export LUKS_PASSPHRASE="passphrase"
export ADDITIONAL_KEYS="keys keyss"
+export CHALLENGE="challenge"
export VERBOSE=false
+export RAM="squashfs_tmpfs"
#export PXE_URL="127.0.0.1:8000"
export OUTPUT="build"
export CACHE_FS="cache"
diff --git a/live_exam_os/Dockerfile b/live_exam_os/Dockerfile
index c8909d9214dcc565b61a22b0dc1aeac6ce76cc6e..f5e1cdc738df56d5a7d15e45a72ca47e26112656 100644
--- a/live_exam_os/Dockerfile
+++ b/live_exam_os/Dockerfile
@@ -4,7 +4,7 @@ FROM ubuntu:22.04
ENV archive=go1.22.6.linux-amd64.tar.gz
ENV PATH=$PATH:/usr/local/go/bin
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y gcc pkg-config git wget make ca-certificates libglfw3-dev libxcursor-dev libxinerama-dev libxi-dev libxxf86vm-dev upx-ucl curl cryptsetup squashfs-tools fakechroot debootstrap xorriso
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y gcc pkg-config git wget make ca-certificates libglfw3-dev libxcursor-dev libxinerama-dev libxi-dev libxxf86vm-dev upx-ucl curl cryptsetup squashfs-tools fakechroot debootstrap xorriso mtools dosfstools
RUN git clone https://github.com/limine-bootloader/limine.git --branch=v8.x-binary --depth=1 /opt/limine && \
cd /opt/limine && \
diff --git a/live_exam_os/Makefile b/live_exam_os/Makefile
index 254f262bd8b7c7f1e25e985112948d715190a6c1..ae290925508537fa315b3fb2a152b2e296eedd1d 100644
--- a/live_exam_os/Makefile
+++ b/live_exam_os/Makefile
@@ -15,6 +15,6 @@ bios_cd:
qemu-system-x86_64 -drive file=$(ISO),media=cdrom,if=ide,readonly=on -boot d -m 4G -smp 4
uefi:
- qemu-system-x86_64 -bios /usr/share/OVMF/x64/OVMF.fd -drive file=$(ISO),format=raw -boot d -m 16G -smp 4 -netdev user,id=n1 -device virtio-net-pci,netdev=n1 -serial mon:stdio
+ qemu-system-x86_64 -bios /usr/share/OVMF/x64/OVMF.fd -drive file=$(ISO),format=raw -boot d -m 16G -smp 4 -netdev user,id=n1 -device virtio-net-pci,netdev=n1
.PHONY: build
diff --git a/live_exam_os/README.md b/live_exam_os/README.md
index 05ca500089dfa4fd892cc06074d9b90a2b09bf44..3fe607e463a843a35271fbd78f94946d5d3ff244 100644
--- a/live_exam_os/README.md
+++ b/live_exam_os/README.md
@@ -29,8 +29,12 @@ For simpler deployment on any environment that supports Docker, we provide a `Do
| `--output` | Define the output folder (default: `.`). |
| `--luks-passphrase` | Enable LUKS encryption with a passphrase. |
| `--luks-keys` | Provide a list of additional keys for LUKS encryption. |
-| `--pxe` | Set the URL of the PXE and generate an initramfs, kernel, and SquashFS for PXE use. |
-| `--cache` | Specify the path to a folder containing a pre-downloaded clean filesystem. |
+| `--ram` | Using the system in RAM. |
+| `--challenge` | Challenge in use by yubikeys. |
+| `--arch` | Set the architecture of the system (e.g., amd64). |
+| `--pxe` | Set the url of the pxe and generate an initramfs, kernel and squashfs for the pxe to use (use the url of the folder where the squashfs is stored, not the direct link to the squashfs). |
+| `--cache` | Path to a folder with a clean fs already downloaded. |
+| `--version` | Version of Ubuntu (e.g., Noble) |
### Environment Setup Parameters
diff --git a/live_exam_os/build.sh b/live_exam_os/build.sh
index f222c6587898daad465efb1df92e86ba47578149..2542af4917dfa2af6d7f0053460d86b3c5f073e3 100755
--- a/live_exam_os/build.sh
+++ b/live_exam_os/build.sh
@@ -3,14 +3,17 @@
. tools/functions.sh
# Default variables
-export SQUASHFS="/tmp/squashfs"
-export ROOTFS_DIR="/tmp/rootfs"
-export ISO_DIR="/tmp/iso"
+export SQUASHFS="output/squashfs"
+export ROOTFS_DIR="output/rootfs"
+export ISO_DIR="output/iso"
export BOOT_FOLDER="$ISO_DIR/boot"
-export LUKS_IMG="squash.rootfs.luks"
+export SQUASHFS_IMG="squash.rootfs"
export VERBOSE=false
-export OUTPUT="."
+export OUTPUT="build"
export ISO_NAME="nexus.iso"
+export UBUNTU_VERSION="noble"
+export CHALLENGE="default_challenge"
+export ARCH="amd64"
helper() {
echo "USAGE: $(basename "$0") [options]"
@@ -21,8 +24,13 @@ helper() {
echo " --output Set the output folder (default: .)"
echo " --luks-passphrase Enable LUKS encryption with passphrase"
echo " --luks-keys List of additional keys"
- echo " --pxe Set the url of the pxe and generate an initramfs, kernel and squashfs for pxe use"
+ echo " --ram Using the system in RAM"
+ echo " --challenge List of additional keys"
+ echo " --arch Set the architecture of the system (e.g., amd64)"
+ echo " --pxe Set the url of the pxe and generate an initramfs, kernel and squashfs for the pxe to use
+ (use the url of the folder where the squashfs is stored, not the direct link to the squashfs)"
echo " --cache Path to a folder with a clean fs already downloaded"
+ echo " --version Version of Ubuntu (e.g., Noble)"
echo
echo "Environment Setup Parameters:"
echo " SQUASHFS Path to the SquashFS file (e.g., out/squash.rootfs)"
@@ -55,8 +63,13 @@ while [ "$#" -gt 0 ]; do
fi
;;
--luks-passphrase)
- LUKS_PASSPHRASE="$2"
- shit 2
+ if [ -n "$2" ]; then
+ LUKS_PASSPHRASE="$2"
+ shift 2
+ else
+ echo "Error: --luks-keys requires an argument" >&2
+ helper
+ fi
;;
--luks-keys)
if [ -n "$2" ]; then
@@ -67,6 +80,15 @@ while [ "$#" -gt 0 ]; do
helper
fi
;;
+ --challenge)
+ if [ -n "$2" ]; then
+ CHALLENGE="$2"
+ shift 2
+ else
+ echo "Error: --luks-keys requires an argument" >&2
+ helper
+ fi
+ ;;
--pxe)
if [ -n "$2" ]; then
export PXE_URL="$2"
@@ -80,6 +102,10 @@ while [ "$#" -gt 0 ]; do
export VERBOSE=true
shift
;;
+ --ram)
+ export RAM="squashfs_tmpfs"
+ shift
+ ;;
--verbose)
export VERBOSE=true
shift
@@ -93,6 +119,24 @@ while [ "$#" -gt 0 ]; do
helper
fi
;;
+ --version)
+ if [ -n "$2" ]; then
+ export UBUNTU_VERSION=$2
+ shift 2
+ else
+ echo "Error: --cache requires an argument" >&2
+ helper
+ fi
+ ;;
+ --arch)
+ if [ -n "$2" ]; then
+ export ARCH=$2
+ shift 2
+ else
+ echo "Error: --cache requires an argument" >&2
+ helper
+ fi
+ ;;
*)
echo "Unknown option: $1" >&2
helper
@@ -101,15 +145,14 @@ while [ "$#" -gt 0 ]; do
done
check_environment_var
-
+CMDLINE="boot=nexus quiet splash $RAM modprobe.blacklist=floppy"
echo "[Create filesystem...]"
rm -rf "$ROOTFS_DIR" "$OUTPUT"
mkdir -p "$ROOTFS_DIR"
if [ -z $CACHE_FS ]; then
- echo "debootstrap --arch=amd64 noble $ROOTFS_DIR http://archive.ubuntu.com/ubuntu/"
- debootstrap --arch=amd64 noble $ROOTFS_DIR http://archive.ubuntu.com/ubuntu/
+ run_command debootstrap --arch=$ARCH $UBUNTU_VERSION $ROOTFS_DIR http://archive.ubuntu.com/ubuntu/
mount -t proc /proc $ROOTFS_DIR/proc
mount --rbind /sys $ROOTFS_DIR/sys
mount --rbind /dev $ROOTFS_DIR/dev
@@ -119,15 +162,15 @@ if [ -z $CACHE_FS ]; then
echo "[Installing packages...]"
packages=$(tr '\n' ' ' < config/01-packages_install/packages)
- echo "deb http://archive.ubuntu.com/ubuntu noble main universe" > $ROOTFS_DIR/etc/apt/sources.list
+ echo "deb http://archive.ubuntu.com/ubuntu $UBUNTU_VERSION main universe" > $ROOTFS_DIR/etc/apt/sources.list
run_command_chroot apt update
check_exit_code $? "Error during apt update"
- run_command_chroot apt install -y --no-install-recommends zstd initramfs-tools linux-image-generic linux-firmware casper cryptsetup-initramfs $packages
+ run_command_chroot apt install -y --no-install-recommends $packages
check_exit_code $? "Error during packages installation"
else
if [ ! -d $CACHE_FS ]; then
mkdir $CACHE_FS
- debootstrap --arch=amd64 noble $CACHE_FS http://archive.ubuntu.com/ubuntu/
+ run_command debootstrap --arch=$ARCH $UBUNTU_VERSION $CACHE_FS http://archive.ubuntu.com/ubuntu/
mount -t proc /proc $CACHE_FS/proc
mount --rbind /sys $CACHE_FS/sys
@@ -138,10 +181,10 @@ else
echo "[Installing packages...]"
packages=$(tr '\n' ' ' < config/01-packages_install/packages)
- echo "deb http://archive.ubuntu.com/ubuntu noble main universe" > $CACHE_FS/etc/apt/sources.list
+ echo "deb http://archive.ubuntu.com/ubuntu $UBUNTU_VERSION main universe" > $CACHE_FS/etc/apt/sources.list
run_command chroot $CACHE_FS apt update
check_exit_code $? "Error during apt update"
- run_command chroot $CACHE_FS apt install -y --no-install-recommends zstd initramfs-tools linux-image-generic linux-firmware casper cryptsetup-initramfs $packages
+ run_command chroot $CACHE_FS apt install -y --no-install-recommends $packages
check_exit_code $? "Error during packages installation"
umount -l $CACHE_FS/proc
@@ -150,7 +193,7 @@ else
umount -l $CACHE_FS/run
umount -l $CACHE_FS/tmp
else
- echo "Skip through cache"
+ echo " [Skip through cache]"
fi
cp -r $CACHE_FS/* $ROOTFS_DIR
@@ -165,12 +208,32 @@ fi
echo "[Uploading configuration file...]"
cp -rf config/02-customisation/* $ROOTFS_DIR
+if [ -z $PXE_URL ]; then
+ echo "[EFI img preparation]"
+ mkdir -p "$ISO_DIR/boot/grub"
+ sed "s/CMDLINE/$CMDLINE/g" config/00-bootloader/grub.cfg > "$ISO_DIR/boot/grub/grub.cfg"
+ EFIBOOT=/tmp/efiboot.img
+ EFIBOOT_MOUNT=/tmp/efiboot
+ SIZE_EFIBOOT=$(get_total_size $ROOTFS_DIR/usr/lib/shim/shimx64.efi.signed.latest $ROOTFS_DIR/usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed)
+ OFFSET=$(( 150 * 1024 )) # Some space for fat header and grub.cfg file
+
+ fallocate -l $(( $SIZE_EFIBOOT + $OFFSET)) $EFIBOOT
+ run_command mkfs.vfat $EFIBOOT
+ mkdir $EFIBOOT_MOUNT
+ mount -o loop $EFIBOOT $EFIBOOT_MOUNT
+ mkdir -p $EFIBOOT_MOUNT/EFI/BOOT
+ cp config/00-bootloader/grub.efi.cfg $EFIBOOT_MOUNT/EFI/BOOT/grub.cfg
+ cp $ROOTFS_DIR/usr/lib/shim/shimx64.efi.signed.latest "$EFIBOOT_MOUNT/EFI/BOOT/BOOTx64.EFI"
+ cp $ROOTFS_DIR/usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed "$EFIBOOT_MOUNT/EFI/BOOT/grubx64.efi"
+ umount $EFIBOOT_MOUNT
+fi
+
echo "[Post-install...]"
for script in config/03-post_install/*.sh; do
./$script
done
-echo "[Moving kernel..]"
+echo "[Moving kernel...]"
cp $ROOTFS_DIR/boot/vmlinuz-* /tmp/vmlinuz
cp $ROOTFS_DIR/boot/initrd.img /tmp/initrd
rm -rf $ROOTFS_DIR/boot
@@ -182,96 +245,59 @@ umount -l $ROOTFS_DIR/dev
umount -l $ROOTFS_DIR/run
umount -l $ROOTFS_DIR/tmp
-echo "[Create squash.rootfs..]"
+echo "[Create squash.rootfs...]"
run_command mksquashfs "$ROOTFS_DIR" "$SQUASHFS"
check_exit_code $? "Error during squashfs generation"
if [ ! -z $LUKS_PASSPHRASE ]; then
- echo "[Encrypt squash.rootfs..]"
+ echo "[Encrypt squash.rootfs...]"
SQUASHFS_SIZE=$(stat -c %s "$SQUASHFS")
LUKS_HEADER_SIZE=$((1024 * 1024 * 16)) # 16 MiB header LUKS2
TOTAL_SIZE=$((SQUASHFS_SIZE + LUKS_HEADER_SIZE))
SECTOR_SIZE=512
- TOTAL_SIZE=$(( (TOTAL_SIZE + SECTOR_SIZE - 1) / SECTOR_SIZE * SECTOR_SIZE ))
- fallocate -l $TOTAL_SIZE "/tmp/$LUKS_IMG"
- echo -n "$LUKS_PASSPHRASE" | cryptsetup luksFormat "/tmp/$LUKS_IMG" --batch-mode
- echo -n "$LUKS_PASSPHRASE" | cryptsetup luksOpen "/tmp/$LUKS_IMG" container
+ fallocate -l $TOTAL_SIZE "/tmp/$SQUASHFS_IMG"
+ echo -n "$LUKS_PASSPHRASE" | cryptsetup luksFormat "/tmp/$SQUASHFS_IMG" --batch-mode
+ echo -n "$LUKS_PASSPHRASE" | cryptsetup luksOpen "/tmp/$SQUASHFS_IMG" container
run_command dd if="$SQUASHFS" of=/dev/mapper/container bs=4M
cryptsetup luksClose container
if [ ! -z $ADDITIONAL_KEYS ]; then
for key in $ADDITIONAL_KEYS; do
- echo -e "$LUKS_PASSPHRASE\n$key" | cryptsetup luksAddKey "/tmp/$LUKS_IMG"
+ echo -e "$LUKS_PASSPHRASE\n$key" | cryptsetup luksAddKey "/tmp/$SQUASHFS_IMG"
done
fi
else
- mkdir -p $ISO_DIR/casper
- cp "$SQUASHFS" "$ISO_DIR/casper/filesystem.squashfs"
+ cp "$SQUASHFS" "/tmp/$SQUASHFS_IMG"
fi
mkdir $OUTPUT
-if [ ! -z $PXE_URL ];then
+if [ ! -z $PXE_URL ]; then
cp /tmp/vmlinuz $OUTPUT
cp /tmp/initrd $OUTPUT
- cp /tmp/$LUKS_IMG $OUTPUT
-
- echo "[Moving kernel to iso/boot...]"
- mkdir -p $BOOT_FOLDER
- cp /tmp/vmlinuz $BOOT_FOLDER/vmlinuz
- cp /tmp/initrd $BOOT_FOLDER/initrd
-
- echo "[Create iso...]"
-
- mkdir -p "$ISO_DIR/EFI/BOOT"
-
- cp /opt/limine/*.EFI "$ISO_DIR/EFI/BOOT/"
- cp /opt/limine/*.bin "$ISO_DIR/"
- cp /opt/limine/*.sys "$ISO_DIR/"
-
- cp config/00-bootloader/limine_pxe.conf "$ISO_DIR/boot/limine.conf"
-
- run_command xorriso -as mkisofs -R -r -J -b "limine-bios-cd.bin" \
- -no-emul-boot -boot-load-size 4 -boot-info-table -hfsplus \
- -apm-block-size 2048 --efi-boot "limine-uefi-cd.bin" \
- -efi-boot-part --efi-boot-image --protective-msdos-label \
- -volid "NEXUSCLIENTISO" \
- "$ISO_DIR" -o "$OUTPUT/$ISO_NAME"
- check_exit_code $? "Error during iso creation"
-
- run_command limine bios-install "$OUTPUT/$ISO_NAME"
- check_exit_code $? "Error during add bios header"
+ cp /tmp/$SQUASHFS_IMG $OUTPUT
else
echo "[Moving kernel && squashfs from rootfs to iso/boot...]"
mkdir -p $BOOT_FOLDER
cp /tmp/vmlinuz $BOOT_FOLDER/vmlinuz
cp /tmp/initrd $BOOT_FOLDER/initrd
- cp /tmp/$LUKS_IMG $ISO_DIR/$LUKS_IMG
echo "[Create iso...]"
-
- mkdir -p "$ISO_DIR/EFI/BOOT"
-
- cp /opt/limine/*.EFI "$ISO_DIR/EFI/BOOT/"
+ cp /tmp/$SQUASHFS_IMG $ISO_DIR/$SQUASHFS_IMG
cp /opt/limine/*.bin "$ISO_DIR/"
cp /opt/limine/*.sys "$ISO_DIR/"
-
- if [ ! -z $LUKS_PASSPHRASE ]; then
- cp config/00-bootloader/limine.conf "$ISO_DIR/boot/"
- else
- cp config/00-bootloader/limine_casper.conf "$ISO_DIR/boot/limine.conf"
- fi
+ cp $EFIBOOT $ISO_DIR
+ sed "s/CMDLINE/$CMDLINE/g" config/00-bootloader/limine.conf > "$ISO_DIR/boot/limine.conf"
run_command xorriso -as mkisofs -R -r -J -b "limine-bios-cd.bin" \
- -no-emul-boot -boot-load-size 4 -boot-info-table -hfsplus \
- -apm-block-size 2048 --efi-boot "limine-uefi-cd.bin" \
- -efi-boot-part --efi-boot-image --protective-msdos-label \
- -volid "NEXUSCLIENTISO" \
- "$ISO_DIR" -o "$OUTPUT/$ISO_NAME"
+ -no-emul-boot -boot-load-size 4 -boot-info-table -hfsplus \
+ -apm-block-size 2048 --efi-boot "efiboot.img" \
+ -efi-boot-part --efi-boot-image --protective-msdos-label \
+ -volid "NEXUSCLIENTISO" \
+ "$ISO_DIR" -o "$OUTPUT/$ISO_NAME"
+
check_exit_code $? "Error during iso creation"
-
run_command limine bios-install "$OUTPUT/$ISO_NAME"
- check_exit_code $? "Error during add bios header"
fi
chown -R 1000:1000 "$OUTPUT"
diff --git a/live_exam_os/config/00-bootloader/grub.cfg b/live_exam_os/config/00-bootloader/grub.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..b9c139084a82214e15ba1a1ffb16c7474ae8c93e
--- /dev/null
+++ b/live_exam_os/config/00-bootloader/grub.cfg
@@ -0,0 +1,6 @@
+set timeout=0
+
+menuentry "Nexus-Exam" {
+ linux /boot/vmlinuz CMDLINE --
+ initrd /boot/initrd
+}
diff --git a/live_exam_os/config/00-bootloader/grub.efi.cfg b/live_exam_os/config/00-bootloader/grub.efi.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..08ef767a9a2291cf408c5a5bdbe47c4f3118c8bd
--- /dev/null
+++ b/live_exam_os/config/00-bootloader/grub.efi.cfg
@@ -0,0 +1,2 @@
+search --file /boot/vmlinuz --no-floppy --set root
+configfile /boot/grub/grub.cfg
diff --git a/live_exam_os/config/00-bootloader/limine.conf b/live_exam_os/config/00-bootloader/limine.conf
index a2004d66299228c805650c8e1ceb19940cbd3b7a..5a2cf966beb6388c3286b9300b66b48de01c0009 100644
--- a/live_exam_os/config/00-bootloader/limine.conf
+++ b/live_exam_os/config/00-bootloader/limine.conf
@@ -3,5 +3,5 @@ timeout: 0
/Nexus
protocol: linux
kernel_path: boot():/boot/vmlinuz
- kernel_cmdline: boot=nexus quiet splash
+ kernel_cmdline: CMDLINE
module_path: boot():/boot/initrd
diff --git a/live_exam_os/config/00-bootloader/limine_casper.conf b/live_exam_os/config/00-bootloader/limine_casper.conf
deleted file mode 100644
index 853c8c849d3b3f8dc9d7756d213c498d230c079e..0000000000000000000000000000000000000000
--- a/live_exam_os/config/00-bootloader/limine_casper.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-timeout: 0
-
-/Nexus
- protocol: linux
- kernel_path: boot():/boot/vmlinuz
- kernel_cmdline: boot=casper quiet splash
- module_path: boot():/boot/initrd
diff --git a/live_exam_os/config/00-bootloader/limine_pxe.conf b/live_exam_os/config/00-bootloader/limine_pxe.conf
deleted file mode 100644
index 653cf3ae75e8d12184b90ae6572eebd0696ce564..0000000000000000000000000000000000000000
--- a/live_exam_os/config/00-bootloader/limine_pxe.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-timeout: 0
-
-/Nexus
- protocol: linux
- kernel_path: boot():/boot/vmlinuz
- kernel_cmdline: boot=pxe quiet splash
- module_path: boot():/boot/initrd
diff --git a/live_exam_os/config/01-packages_install/packages b/live_exam_os/config/01-packages_install/packages
index f60d5f36c864537fad921a4388b835420597e563..c47aa32595b0bd1b62da0f9c7dcb3ff41986b147 100644
--- a/live_exam_os/config/01-packages_install/packages
+++ b/live_exam_os/config/01-packages_install/packages
@@ -1,4 +1,8 @@
-udev
+zstd
+initramfs-tools
+linux-image-generic
+linux-firmware
+cryptsetup-initramfs
network-manager
xserver-xorg
xserver-xorg-input-libinput
@@ -14,8 +18,8 @@ virt-viewer
mesa-va-drivers
iptables
ufw
-sudo
-vim
rfkill
wpasupplicant
yubikey-personalization
+shim-signed
+grub-efi-amd64-signed
diff --git a/live_exam_os/config/02-customisation/etc/NetworkManager/NetworkManager.conf.bak b/live_exam_os/config/02-customisation/etc/NetworkManager/NetworkManager.conf.bak
deleted file mode 100644
index 06c5d59a6699ec1fcfc048b3190f22e789302a9a..0000000000000000000000000000000000000000
--- a/live_exam_os/config/02-customisation/etc/NetworkManager/NetworkManager.conf.bak
+++ /dev/null
@@ -1,8 +0,0 @@
-[main]
-plugins=ifupdown,keyfile
-
-[ifupdown]
-managed=true
-
-[device]
-wifi.scan-rand-mac-address=no
diff --git a/live_exam_os/config/02-customisation/etc/NetworkManager/conf.d/10-default-wired.conf.bak b/live_exam_os/config/02-customisation/etc/NetworkManager/conf.d/10-default-wired.conf.bak
deleted file mode 100644
index 5582524c548a441f6c8d9680e708fe529e4b4a70..0000000000000000000000000000000000000000
--- a/live_exam_os/config/02-customisation/etc/NetworkManager/conf.d/10-default-wired.conf.bak
+++ /dev/null
@@ -1,10 +0,0 @@
-[connection]
-id=Auto Ethernet
-type=ethernet
-autoconnect=true
-
-[ipv4]
-method=auto
-
-[ipv6]
-method=auto
diff --git a/live_exam_os/config/02-customisation/etc/NetworkManager/conf.d/dns.conf.bak b/live_exam_os/config/02-customisation/etc/NetworkManager/conf.d/dns.conf.bak
deleted file mode 100644
index d435aba99e5b4978136e05393f5434b2403d1ebc..0000000000000000000000000000000000000000
--- a/live_exam_os/config/02-customisation/etc/NetworkManager/conf.d/dns.conf.bak
+++ /dev/null
@@ -1,2 +0,0 @@
-[main]
-dns=none
diff --git a/live_exam_os/config/02-customisation/etc/challenge b/live_exam_os/config/02-customisation/etc/challenge
deleted file mode 100644
index 9daeafb9864cf43055ae93beb0afd6c7d144bfa4..0000000000000000000000000000000000000000
--- a/live_exam_os/config/02-customisation/etc/challenge
+++ /dev/null
@@ -1 +0,0 @@
-test
diff --git a/live_exam_os/config/02-customisation/etc/default/keyboard b/live_exam_os/config/02-customisation/etc/default/keyboard
index c7fe671af6e33dbba07761dacbdd6400c8d596f1..ad849b1f846aece8158718d922fdc961dd2aeea5 100644
--- a/live_exam_os/config/02-customisation/etc/default/keyboard
+++ b/live_exam_os/config/02-customisation/etc/default/keyboard
@@ -2,9 +2,9 @@
# Consult the keyboard(5) manual page.
-#XKBMODEL="pc105"
-#XKBLAYOUT="ch"
-#XKBVARIANT="fr"
-#XKBOPTIONS=""
-#
-#BACKSPACE="guess"
+XKBMODEL="pc105"
+XKBLAYOUT="ch"
+XKBVARIANT="fr"
+XKBOPTIONS=""
+
+BACKSPACE="guess"
diff --git a/live_exam_os/config/02-customisation/etc/initramfs-tools/hooks/nexus b/live_exam_os/config/02-customisation/etc/initramfs-tools/hooks/nexus
deleted file mode 100755
index e1a61da7cdd7c9227f88f5903dcd5d263c12185c..0000000000000000000000000000000000000000
--- a/live_exam_os/config/02-customisation/etc/initramfs-tools/hooks/nexus
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-set -e
-
-. /usr/share/initramfs-tools/hook-functions
-
-copy_exec /etc/initramfs-tools/scripts/init /scripts/nexus
diff --git a/live_exam_os/config/02-customisation/etc/initramfs-tools/hooks/pxe b/live_exam_os/config/02-customisation/etc/initramfs-tools/hooks/pxe
index 887c32db62002ea14b1274b8547039f64ff0d856..64ef1890b9f1a5bc8f485be3fb65c5fb7a5cfc42 100755
--- a/live_exam_os/config/02-customisation/etc/initramfs-tools/hooks/pxe
+++ b/live_exam_os/config/02-customisation/etc/initramfs-tools/hooks/pxe
@@ -6,4 +6,3 @@ set -e
if [ -f /etc/squashfs-url ]; then
copy_exec /etc/squashfs-url /squashfs-url
fi
-copy_exec /etc/initramfs-tools/scripts/pxe /scripts/pxe
diff --git a/live_exam_os/config/02-customisation/etc/initramfs-tools/scripts/init b/live_exam_os/config/02-customisation/etc/initramfs-tools/scripts/init
deleted file mode 100755
index 337eeb88e1da2df57aec4bf0224bf3cebbc2a621..0000000000000000000000000000000000000000
--- a/live_exam_os/config/02-customisation/etc/initramfs-tools/scripts/init
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/sh
-
-mount_and_switch() {
- SQUASHFS_PATH=$1
-
- echo "Mounting overlay..."
- mkdir -p /squash /upper /work /newroot
- mount -t squashfs $SQUASHFS_PATH /squash
-
- mount -t overlay -o lowerdir=/squash,upperdir=/upper,workdir=/work overlayfs /newroot
-
- mount -t devtmpfs none /newroot/dev
- mount -t proc none /newroot/proc
- mount -t sysfs none /newroot/sys
- mount -t tmpfs none /newroot/tmp
- mount -t devpts none /newroot/dev/pts
-
- exec switch_root /newroot /sbin/init
-}
-
-decrypt_with_passphrase() {
- cryptsetup open /cdrom/squash.rootfs.luks data
- exit_code=$?
-
- if [ "$exit_code" -eq 0 ]; then
- mount_and_switch /dev/mapper/data
- fi
-
- echo "Wrong passphrase"
-}
-
-decrypt_with_challenge() {
- echo -n "$1" | cryptsetup open /cdrom/squash.rootfs.luks data
- exit_code=$?
-
- if [ "$exit_code" -eq 0 ]; then
- mount_and_switch /dev/mapper/data
- fi
-
- echo "Decryption error, possibly wrong Yubikey"
-}
-
-while [ -z $(blkid | grep "NEXUSCLIENTISO" | cut -d ':' -f1) ]; do
- echo -n ""
-done
-
-DISK=$(blkid | grep "NEXUSCLIENTISO" | cut -d ':' -f1 | sed 's/.$//')
-mkdir -p /cdrom
-mount -t iso9660 $DISK /cdrom
-
-echo "Waiting for Yubikey. Press 'p' to enter the passphrase"
-while true; do
- output=$(ykchalresp -2 -i /scripts/challenge 2>&1)
- exit_code=$?
-
- if read -t 1 -n 1 input && [ "$input" = "p" ]; then
- echo ""
- decrypt_with_passphrase
- continue
- fi
-
- if [ "$exit_code" -eq 1 ]; then
- sleep 1
- continue
- fi
-
- decrypt_with_challenge $output
-done
diff --git a/live_exam_os/config/02-customisation/etc/initramfs-tools/scripts/nexus b/live_exam_os/config/02-customisation/etc/initramfs-tools/scripts/nexus
new file mode 100755
index 0000000000000000000000000000000000000000..0b2fb417d630e16180f7c963a2c7799148150921
--- /dev/null
+++ b/live_exam_os/config/02-customisation/etc/initramfs-tools/scripts/nexus
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+. /scripts/tools
+
+while true; do
+ for dev in /dev/sd* /dev/sr*; do
+ if [ -e "$dev" ]; then
+ label="$(blkid -o value -s LABEL "$dev" 2>/dev/null)"
+ if [ "$label" = "NEXUSCLIENTISO" ]; then
+ DISK="$dev"
+ break 2
+ fi
+ fi
+ done
+done
+
+
+mkdir -p /cdrom
+mount -t iso9660 $DISK /cdrom
+
+cryptsetup isLuks /cdrom/squash.rootfs
+exit_code=$?
+if [ ! $exit_code -eq 0 ]; then
+ mount_and_switch /cdrom/squash.rootfs
+fi
+
+
+echo "Waiting for Yubikey."
+while true; do
+ output=$(ykchalresp -2 -i /scripts/challenge 2>&1)
+
+ exit_code=$?
+
+ if read -t 1 -n 1 input && [ "$input" = "p" ]; then
+ echo ""
+ decrypt_with_passphrase /cdrom/squash.rootfs
+ continue
+ fi
+
+ if [ "$exit_code" -eq 1 ]; then
+ sleep 1
+ continue
+ fi
+
+ decrypt_with_challenge /cdrom/squash.rootfs $output
+done
diff --git a/live_exam_os/config/02-customisation/etc/initramfs-tools/scripts/pxe b/live_exam_os/config/02-customisation/etc/initramfs-tools/scripts/pxe
index 6579225064bdb0fbc3d4639994f0fd5c5fa410f7..d5ed66b68011bbaca5bb671575cb23810de655dd 100755
--- a/live_exam_os/config/02-customisation/etc/initramfs-tools/scripts/pxe
+++ b/live_exam_os/config/02-customisation/etc/initramfs-tools/scripts/pxe
@@ -1,86 +1,30 @@
#!/bin/sh
-LUKS_FILE="/squash.rootfs"
+. /scripts/tools
-find_active_interface() {
- for iface in $(ls /sys/class/net); do
- if [ "$iface" = "lo" ]; then
- continue
- fi
-
- if [ "$(cat /sys/class/net/$iface/type)" = "1" ]; then
- if ip link show "$iface" | grep -q "<BROADCAST,MULTICAST>"; then
- echo "Lookup for $iface interface"
- dhcpcd -q $iface
- exit_code=$?
-
- if [ "$exit_code" -eq 0 ]; then
- return 0
- fi
- fi
- fi
- done
-
- echo "No active network interface found." >&2
- /bin/sh
- return 1
-}
-
-mount_and_switch() {
- SQUASHFS_PATH=$1
-
- echo "Mounting overlay..."
- mkdir -p /squash /upper /work /newroot
- mount -t squashfs $SQUASHFS_PATH /squash
-
- mount -t overlay -o lowerdir=/squash,upperdir=/upper,workdir=/work overlayfs /newroot
-
- mount -t devtmpfs none /newroot/dev
- mount -t proc none /newroot/proc
- mount -t sysfs none /newroot/sys
- mount -t tmpfs none /newroot/tmp
- mount -t devpts none /newroot/dev/pts
-
- exec switch_root /newroot /sbin/init
-}
-
-decrypt_with_passphrase() {
- cryptsetup open $LUKS_FILE data
- exit_code=$?
-
- if [ "$exit_code" -eq 0 ]; then
- mount_and_switch /dev/mapper/data
- fi
-
- echo "Wrong passphrase"
-}
-
-decrypt_with_challenge() {
- echo -n "$1" | cryptsetup open $LUKS_FILE data
- exit_code=$?
-
- if [ "$exit_code" -eq 0 ]; then
- mount_and_switch /dev/mapper/data
- fi
-
- echo "Decryption error, possibliy wrong Yubikey"
-}
+SQUASH_FILE="/squash.rootfs"
sleep 3
echo "DHCP lookup..."
find_active_interface
-wget $(cat /squashfs-url) -O $LUKS_FILE
+wget $(cat /squashfs-url) -O $SQUASH_FILE
+
+cryptsetup isLuks $SQUASH_FILE
+exit_code=$?
+if [ ! $exit_code -eq 0 ]; then
+ mount_and_switch $SQUASH_FILE
+fi
-echo "Waiting for Yubikey. Press 'p' to enter the passphrase"
+echo "Waiting for Yubikey"
while true; do
output=$(ykchalresp -2 -i /scripts/challenge 2>&1)
exit_code=$?
if read -t 1 -n 1 input && [ "$input" = "p" ]; then
echo ""
- decrypt_with_passphrase
+ decrypt_with_passphrase $SQUASH_FILE
continue
fi
@@ -89,5 +33,5 @@ while true; do
continue
fi
- decrypt_with_challenge $output
+ decrypt_with_challenge $SQUASH_FILE $output
done
diff --git a/live_exam_os/config/02-customisation/etc/initramfs-tools/scripts/tools b/live_exam_os/config/02-customisation/etc/initramfs-tools/scripts/tools
new file mode 100755
index 0000000000000000000000000000000000000000..1f712517796be800b1827df64942f854a0c7cc2e
--- /dev/null
+++ b/live_exam_os/config/02-customisation/etc/initramfs-tools/scripts/tools
@@ -0,0 +1,89 @@
+#!/bin/bash
+
+mount_and_switch() {
+ SQUASHFS_PATH=$1
+
+ mount_fs $SQUASHFS_PATH
+
+ mount -t devtmpfs none /newroot/dev
+ mount -t proc none /newroot/proc
+ mount -t sysfs none /newroot/sys
+ mount -t tmpfs none /newroot/tmp
+ mount -t devpts none /newroot/dev/pts
+
+ exec switch_root /newroot /sbin/init
+}
+
+decrypt_with_passphrase() {
+ SQUASHFS_LUKS=$1
+ cryptsetup open $1 data
+ exit_code=$?
+
+ if [ "$exit_code" -eq 0 ]; then
+ mount_and_switch /dev/mapper/data
+ fi
+
+ echo "Wrong passphrase"
+}
+
+decrypt_with_challenge() {
+ SQUASHFS_LUKS=$1
+ echo -n "$2" | cryptsetup open $SQUASHFS_LUKS data
+ exit_code=$?
+
+ if [ "$exit_code" -eq 0 ]; then
+ mount_and_switch /dev/mapper/data
+ fi
+
+ echo "Decryption error, possibly wrong Yubikey"
+}
+
+mount_fs() {
+ SQUASHFS_PATH=$1
+ mkdir -p /newroot/{home, run, tmp, var/log, var/tmp} /rw_home /squash
+
+ if grep -q "squashfs_tmpfs" /proc/cmdline; then
+ echo "Mounting fs on ram..."
+ mount -t squashfs -o loop,ro $SQUASHFS_PATH /squash
+ mount -t tmpfs none /newroot
+ cp -rp /squash/* /newroot
+ else
+ echo "Mounting fs..."
+ mount -t squashfs -o loop,ro "$SQUASHFS_PATH" /newroot
+ fi
+
+ mount -t tmpfs none /rw_home
+ cp -rp /newroot/home/. /rw_home/
+
+ mount -t tmpfs none /newroot/run
+ mount -t tmpfs none /newroot/tmp
+ mount -t tmpfs none /newroot/var/log
+ mount -t tmpfs none /newroot/var/tmp
+ mount -t tmpfs none /newroot/var/lib/systemd
+ mount --bind /rw_home /newroot/home
+}
+
+
+find_active_interface() {
+ for iface in $(ls /sys/class/net); do
+ if [ "$iface" = "lo" ]; then
+ continue
+ fi
+
+ if [ "$(cat /sys/class/net/$iface/type)" = "1" ]; then
+ if ip link show "$iface" | grep -q "<BROADCAST,MULTICAST>"; then
+ echo "Lookup for $iface interface"
+ dhcpcd -q $iface
+ exit_code=$?
+
+ if [ "$exit_code" -eq 0 ]; then
+ return 0
+ fi
+ fi
+ fi
+ done
+
+ echo "No active network interface found." >&2
+ /bin/sh
+ return 1
+}
diff --git a/live_exam_os/config/02-customisation/home/user/.profile b/live_exam_os/config/02-customisation/home/user/.profile
index 9992ad7ebe5dfb0ee9336dcc7099d9a444c19f35..fecabe0d3d60460df4510a1265a496cacdd0b8b7 100644
--- a/live_exam_os/config/02-customisation/home/user/.profile
+++ b/live_exam_os/config/02-customisation/home/user/.profile
@@ -2,4 +2,4 @@ while [ ! -e /dev/dri/card* ]; do
sleep 1
done
-startx
+startx && poweroff
diff --git a/live_exam_os/config/03-post_install/2500-disable_services.sh b/live_exam_os/config/03-post_install/2500-disable_services.sh
new file mode 100755
index 0000000000000000000000000000000000000000..7d247d7c8d6d846df07bfaa851733735676a8806
--- /dev/null
+++ b/live_exam_os/config/03-post_install/2500-disable_services.sh
@@ -0,0 +1,6 @@
+#/bin/sh
+
+. tools/functions.sh
+
+echo " [Masking services...]"
+run_command_chroot systemctl mask console-setup
diff --git a/live_exam_os/config/03-post_install/3000-nexus_exam.sh b/live_exam_os/config/03-post_install/3000-nexus_exam.sh
index 5d80457aa0f7acb9dd4097e62858d162b8fa4845..0894fb98e9d4d679c290c2b392ab8398cba1c122 100755
--- a/live_exam_os/config/03-post_install/3000-nexus_exam.sh
+++ b/live_exam_os/config/03-post_install/3000-nexus_exam.sh
@@ -3,7 +3,7 @@
. tools/functions.sh
echo " [Compiling nexus-exam...]"
-cd ..
+pushd .. > /dev/null
run_command make build_nexus-exam SERVER=$SERVER CERT=$CERT EXAM_USER=$EXAM_USER EXAM_PWD=$EXAM_PWD
check_exit_code $? "Error during nexus-exam compilation"
if [[ "$ROOTFS_DIR" != /* ]]; then
@@ -14,4 +14,4 @@ else
cp build/nexus-exam $ROOTFS_DIR/usr/local/bin/nexus-exam
fi
make clean_client
-cd -
+popd > /dev/null
diff --git a/live_exam_os/config/03-post_install/5000-push_challenge.sh b/live_exam_os/config/03-post_install/5000-push_challenge.sh
new file mode 100755
index 0000000000000000000000000000000000000000..27bfbe6a91dddc542aee97f2085613a06b442769
--- /dev/null
+++ b/live_exam_os/config/03-post_install/5000-push_challenge.sh
@@ -0,0 +1,6 @@
+#/bin/bash
+
+. tools/functions.sh
+
+ echo " [Adding challenge file...]"
+ echo "$CHALLENGE" > $ROOTFS_DIR/etc/challenge
diff --git a/live_exam_os/config/03-post_install/5000-pxe.sh b/live_exam_os/config/03-post_install/5000-pxe.sh
index ecf5afdca64f7b693f7ab333db20590b1a88ceaa..5f11861249dee6d54217138c389b837c3e011207 100755
--- a/live_exam_os/config/03-post_install/5000-pxe.sh
+++ b/live_exam_os/config/03-post_install/5000-pxe.sh
@@ -4,5 +4,5 @@
if [ ! -z $PXE_URL ]; then
echo " [Adding PXE url...]"
- echo -n "$PXE_URL/$LUKS_IMG" > $ROOTFS_DIR/etc/squashfs-url
+ echo -n "$PXE_URL/$SQUASHFS_IMG" > $ROOTFS_DIR/etc/squashfs-url
fi
diff --git a/live_exam_os/config/03-post_install/9999-initramfs.sh b/live_exam_os/config/03-post_install/8000-initramfs.sh
similarity index 100%
rename from live_exam_os/config/03-post_install/9999-initramfs.sh
rename to live_exam_os/config/03-post_install/8000-initramfs.sh
diff --git a/live_exam_os/config/03-post_install/9999-cleanup.sh b/live_exam_os/config/03-post_install/9999-cleanup.sh
new file mode 100755
index 0000000000000000000000000000000000000000..deafdfb86c08de5738f31ecaf5d32246340cffda
--- /dev/null
+++ b/live_exam_os/config/03-post_install/9999-cleanup.sh
@@ -0,0 +1,7 @@
+#/bin/bash
+
+. tools/functions.sh
+
+echo " [Cleanup...]"
+PACKAGES="casper krb5-locales libatm1t64 libglib2.0-data libnss-systemd libpam-cap logrotate python3-rich rfkill rsyslog systemd-hwe-hwdb systemd-resolved systemd-timesyncd ubuntu-pro-client-l10n xfce4-terminal xxd yubikey-personalization zstd"
+run_command_chroot apt remove --purge -y $PACKAGES
diff --git a/live_exam_os/tools/functions.sh b/live_exam_os/tools/functions.sh
index ad9b11332ba645a73e1beb665795a3f8c9f3785a..0a945add858c7f1637233dc99b424adf8d1ffc86 100755
--- a/live_exam_os/tools/functions.sh
+++ b/live_exam_os/tools/functions.sh
@@ -37,3 +37,15 @@ check_environment_var() {
helper
fi
}
+
+get_total_size() {
+ local total=0
+ for file in "$@"; do
+ if [[ -f "$file" ]]; then
+ total=$(( total + $(stat -c%s "$file") ))
+ else
+ return 1
+ fi
+ done
+ echo "$total"
+}