webconverger / debian-live-config Goto Github PK

View Code? Open in Web Editor NEW

24.0 6.0 23.0 64.08 MB

Used with live-build to build the chroot

Home Page: https://hub.docker.com/r/webc/isobuilder/

License: MIT License

Shell 36.80% Makefile 63.20%

debian-live-config's Introduction

Webconverger Debian Live build configuration

For the source of the rootfs aka $WEBC_CHECKOUT, please use: https://github.com/Webconverger/webc

Setup

yourhost # docker run --name buildwebc -it -v $WEBC_CHECKOUT:/root/Debian-Live-config/webconverger/chroot webc/isobuilder

Building the image

insidecontainer # make # <--- run inside container

Get the built ISO out

yourhost # docker cp buildwebc:/root/Debian-Live-config/webconverger/live-image-i386.hybrid.iso test.iso

or see [build.sh](build.sh).

When you need to revisit the image

yourhost # docker start -ai buildwebc

yourhost # docker start buildwebc
yourhost # docker exec -it buildwebc /bin/bash

debian-live-config's People

Contributors

Stargazers

Watchers

Forkers

manchoz simplificator matthijskooijman koenr kuedan bshephard cannibalflea-zz ttreeagency hughschung pcranston hihihippp lamby andrewtfry skotos aga-git spkldr ro9ueadmin j8j8-chronium joachimth

debian-live-config's Issues

Activate numlock on boot

https://groups.google.com/forum/#!msg/webc-users/obIN4SHNNHk/wKx223Jxw68J

webconverger init script not working, preinst move

after the move of debs to the include.chroot, the webconverger init script stopped working, along with other things the deb's set up before

a quick fix I did was make a new script in config/hooks/init.chroot with update-rc.d webconverger defaults

did a quick check of all the files changed since the move, but i cant find where the users are configured as here https://github.com/Webconverger/base/blob/master/debian/preinst ?

DIRECTORY LISTING - IMFORMATION DISCLOSURE BUG

sir/mam,
i have found DIRECTORY LISTING BUGS IN these URLs:
http://webconverger.org/blog/2015/
http://webconverger.org/blog/2017/
http://webconverger.org/blog/2008/
http://webconverger.org/blog/2012/
http://webconverger.org/blog/2016/
http://webconverger.org/blog/entry/
http://webconverger.org/ikiwiki/login-selector/
http://webconverger.org/img/2014/
http://webconverger.org/img/2015/
http://webconverger.org/img/2016/
https://webconverger.org/static/2015/

SECURITY IMPACT
An attacker can see the files located in the directory and could potentially access files which disclose sensitive information.

ACTIONS TO TAKE

1.Change your server configuration file. A recommended configuration for the requested directory should be in the following format:

<Directory /{YOUR DIRECTORY}>
Options FollowSymLinks

2.Remove the Indexes option from configuration. Do not forget to remove MultiViews, as well.
Configure the web server to disallow directory listing requests.
3.Ensure that the latest security patches have been applied to the web server and the current stable version of the software is in use.

Please patch this vulnerability as soon as possible.
Thanking you
PRASANNA DASH

xorriso: "Malformed environment variable SOURCE_DATE_EPOCH encountered"

Causing the binary target to fail.

Writing to 'stdio:live-image-i386.hybrid.iso' completed successfully.

xorriso : NOTE : -return_with SORRY 32 triggered by problem severity SORRY
Makefile:40: recipe for target 'binary' failed
make: *** [binary] Error 32

Consider switching to ESR

http://www.mozilla.org/en-US/firefox/organizations/
https://mail.mozilla.org/listinfo/enterprise

"ESR" AFAICT are 1 year stable releases. Right now Webconverger relies on Progress Iceweasel backports of pretty much the latest Firefox.

We haven't seen a stability problem and we usually take care of "mediating" new features via the extension https://github.com/Webconverger/iceweasel-webconverger that might disrupt our corporate users.

So lets sit on this one.

Clean up menu

Proposal: No 486 menu since people generally accidentally choose this or get confused between 486/686.

Webconverger Live kiosk >
- Languages starting with English as default
Neon with http://neon.webconverger.com/about/ options
Install

Clean checkout does not build

When working on a clean checkout of a repo derived from webconverger, I found two problems in the resulting chroot:

chroot/tmp did not have the right permissions, making it non-writable for unprivileged users. It should have 1777.
chroot/dev is empty.

Both of these problems prevented apt-get update from working. I could reproduce this on a clean Webconverger too, which showed three problems:

When /dev/null is missing, apt-get update hangs on "Waiting for headers..." (for some repositories, not all it seems).
When /dev/urandom is missing, apt-get update crashes with:

terminate called after throwing an instance of 'std::runtime_error'
  what():  random_device::random_device(const std::string&)

When the /tmp/ permissions are wrong, apt-get update shows:

Err:1 http://security.debian.org stretch/updates InRelease
  Couldn't create temporary file /tmp/apt.conf.4A7Zis for passing config to apt-key

None of these seem to influence building, so that's probably why this didn't show up earlier (anyone who is actively working on installing new packages and managing the chroot, probably still has an old checkout, from the time that live-build still handled this kind of stuff).

I think it would be good if this was somehow fixed, though there's two open questions:

Where/when to do this? After the clone done by the makefile in this repo? On every build? Or in a script inside the chroot perhaps?
What /dev/ files to create? I looked for a command that would give a minimal universal set of devices, but haven't found one so far. I tried busybox' mdev command, but that needs /sys to work and creates a lot of system-specific devices (and messes up the permissions on /dev/null, so it still doesn't work). The best approach might just be a hardcoded list of devices, e.g. http://www.linuxfromscratch.org/lfs/view/6.1/chapter06/devices.html

Localise epdfview

https://groups.google.com/forum/#!topic/webc-users/8OoxxtamhYE/discussion

Build log on build.webconverger.org contais errors

As you can see in http://build.webconverger.org/webconverger.2013-02-26.txt there seems to be a missing file in the syslinux package. Had a problem with the Makefile too, there was something wrong with the bootloader. Might be the same.

Bug in kioskresetstation

https://groups.google.com/d/msg/webc-users/5_N26EEKbBc/9Gnalh7UO4oJ

Make syslinux/extlinux easier to manipulate /proc/cmdline

White on white is a bit dumb.... in agreement with www.linuxuser.co.uk/reviews/webconverger-11-review/

syslinux-themes-webc is actually responsible here

Download freezing

I've attemtped downloading the iso multiple times today.
It starts out around 680K and then after 10 to 40 MB's, it locks up.

Upgrade to 4.x

https://packages.qa.debian.org/l/live-build.html

Upstream patch to live-build 3.0.5-1

15:58 <hendry> dba: hi daniel, i want to reduce the flavours for "686-pae 486" to just "686-pae"
15:58 <hendry> but i want to keep 486 around for legacy
15:59 <hendry> so in order to make binary_syslinux do my bidding, I had to rip out http://s.natalian.org/2014-09-17/2to1.patch
16:00 <hendry> which is present in 3.0.5-1 right upto 4.x IIUC
18:48 <hendry> dba: we will be supporting legacy 486 via our webconverger install option
18:48 <hendry> dba: i.e. not via debian live if you know what i mean

boot broken on private network or no internet connection

b9f207a broke (as feared :) ) the boot on my installation

besides backgrounding, I propose just pinging the gateway as a backup

lastly, /tmp/MACID was removed, is there a replacement ?

duplicated xorg conf code

Code at webconverger/config/includes.chroot/etc/X11/xorg.webc.conf is being duplicated by webconverger/config/includes.chroot/etc/init.d/webconverger#L59.

Removing one fixes some shutdown, xinput, and xorg reloading issues.
Edit: never mind, the problem was deeper,caused by screen-rotation issues of some devices, duplicated issue still valid

PS: Like the new issue system, I do hope I am not abusing it :)
Edit: I am :)