├── CONTRIBUTING.md ├── COPYING ├── Makefile ├── README.md ├── auto-generated-man-pages ├── dist-info.8 └── dsudo.8 ├── boot └── grub │ └── themes │ └── dist-common │ ├── inter-grub_bold_34.pf2 │ ├── inter-grub_regular_17.pf2 │ ├── inter-grub_regular_20.pf2 │ ├── select_c.png │ ├── select_e.png │ ├── select_w.png │ ├── terminal_box_c.png │ ├── terminal_box_e.png │ ├── terminal_box_n.png │ ├── terminal_box_ne.png │ ├── terminal_box_nw.png │ ├── terminal_box_s.png │ ├── terminal_box_se.png │ ├── terminal_box_sw.png │ ├── terminal_box_w.png │ └── terminus-grub_14.pf2 ├── changelog.upstream ├── debian ├── changelog ├── control ├── copyright ├── dist-base-files.displace-extension ├── dist-base-files.hide ├── dist-base-files.install ├── dist-base-files.links ├── dist-base-files.postinst ├── dist-base-files.preinst ├── dist-base-files.undisplace ├── make-helper-overrides.bsh ├── rules ├── source │ ├── format │ └── lintian-overrides └── watch ├── etc ├── grub.d │ ├── 10_00_linux_dist │ └── 10_50_linux_dist_advanced ├── machine-id ├── privleap │ └── conf.d │ │ └── dist-base-files.conf ├── qubes │ └── post-install.d │ │ └── 20-qubes-persistent-mode-user.sh ├── sudoers.d │ └── 30_default-password-lecture └── update-motd.d │ └── 30_dist-base-files ├── man ├── dist-info.8.ronn └── dsudo.8.ronn ├── usr ├── bin │ ├── dist-info │ └── dsudo ├── lib │ ├── qubes-bind-dirs.d │ │ └── 40_dist-base-files.conf │ └── systemd │ │ └── system │ │ └── dist-skel-first-boot.service ├── libexec │ └── derivative-base-files │ │ ├── askpass-default │ │ └── repart-enable └── share │ ├── derivative-base-files │ ├── 20_dist-base-files.cfg │ ├── dracut-conf-d_30-repart.conf │ ├── repart-d_50-root.conf │ └── sudo-default-password-lecture │ ├── distro-info │ ├── kicksecure.csv │ └── kicksecure.csv.readme │ └── lintian │ └── overrides │ └── dist-base-files └── var └── lib └── dbus └── machine-id /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | Conditions for Contributions to Whonix 2 | 3 | By contributing to Whonix, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. 4 | 5 | https://www.whonix.org/wiki/Privacy_Policy 6 | 7 | https://www.whonix.org/wiki/Cookie_Policy 8 | 9 | https://www.whonix.org/wiki/Terms_of_Service 10 | 11 | https://www.whonix.org/wiki/E-Sign_Consent 12 | 13 | Conditions for Contributions to Whonix are not part of Whonix's license. 14 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ 2 | 3 | Files: * 4 | Copyright: 2012 - 2025 ENCRYPTED SUPPORT LLC 5 | License: AGPL-3+ 6 | 7 | Files: boot/grub/themes/dist-common/terminus-grub_14.pf2 8 | Copyright: 2010 - 2014 Dimitar Toshkov Zhekov 9 | License: OFL-1.1 10 | Comment: 11 | Generated at package build time from the original Terminus Font 12 | using grub-mkfont. Renamed to Terminus-grub. 13 | 14 | Files: boot/grub/themes/dist-common/inter-grub_regular_17.pf2 15 | boot/grub/themes/dist-common/inter-grub_regular_20.pf2 16 | Copyright: 2016 - 2022 The Inter Project Authors 17 | License: OFL-1.1 18 | Comment: 19 | Generated at package build time from the original Inter font 20 | using grub-mkfont. Renamed to Inter-grub. 21 | 22 | Files: etc/grub.d/10_00_linux_dist 23 | etc/grub.d/10_50_linux_dist_advanced 24 | Copyright: 2006 - 2010 Free Software Foundation, Inc 25 | License: GPL-3+ 26 | Comment: 27 | Exact copies of the original /etc/grub.d/10_linux file, but with some segments 28 | commented out and some extra comments added for clarity. 29 | 30 | License: GPL-3+ 31 | This package is free software; you can redistribute it and/or modify 32 | it under the terms of the GNU General Public License as published by 33 | the Free Software Foundation; either version 3 of the License, or 34 | (at your option) any later version. 35 | . 36 | This package is distributed in the hope that it will be useful, 37 | but WITHOUT ANY WARRANTY; without even the implied warranty of 38 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 39 | GNU General Public License for more details. 40 | . 41 | You should have received a copy of the GNU General Public License 42 | along with this program. If not, see 43 | . 44 | On Debian systems, the complete text of the GNU General 45 | Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". 46 | 47 | License: AGPL-3+ 48 | GNU AFFERO GENERAL PUBLIC LICENSE 49 | Version 3, 19 November 2007 50 | . 51 | Copyright (C) 2007 Free Software Foundation, Inc. 52 | Everyone is permitted to copy and distribute verbatim copies 53 | of this license document, but changing it is not allowed. 54 | . 55 | Preamble 56 | . 57 | The GNU Affero General Public License is a free, copyleft license for 58 | software and other kinds of works, specifically designed to ensure 59 | cooperation with the community in the case of network server software. 60 | . 61 | The licenses for most software and other practical works are designed 62 | to take away your freedom to share and change the works. By contrast, 63 | our General Public Licenses are intended to guarantee your freedom to 64 | share and change all versions of a program--to make sure it remains free 65 | software for all its users. 66 | . 67 | When we speak of free software, we are referring to freedom, not 68 | price. Our General Public Licenses are designed to make sure that you 69 | have the freedom to distribute copies of free software (and charge for 70 | them if you wish), that you receive source code or can get it if you 71 | want it, that you can change the software or use pieces of it in new 72 | free programs, and that you know you can do these things. 73 | . 74 | Developers that use our General Public Licenses protect your rights 75 | with two steps: (1) assert copyright on the software, and (2) offer 76 | you this License which gives you legal permission to copy, distribute 77 | and/or modify the software. 78 | . 79 | A secondary benefit of defending all users' freedom is that 80 | improvements made in alternate versions of the program, if they 81 | receive widespread use, become available for other developers to 82 | incorporate. Many developers of free software are heartened and 83 | encouraged by the resulting cooperation. However, in the case of 84 | software used on network servers, this result may fail to come about. 85 | The GNU General Public License permits making a modified version and 86 | letting the public access it on a server without ever releasing its 87 | source code to the public. 88 | . 89 | The GNU Affero General Public License is designed specifically to 90 | ensure that, in such cases, the modified source code becomes available 91 | to the community. It requires the operator of a network server to 92 | provide the source code of the modified version running there to the 93 | users of that server. Therefore, public use of a modified version, on 94 | a publicly accessible server, gives the public access to the source 95 | code of the modified version. 96 | . 97 | An older license, called the Affero General Public License and 98 | published by Affero, was designed to accomplish similar goals. This is 99 | a different license, not a version of the Affero GPL, but Affero has 100 | released a new version of the Affero GPL which permits relicensing under 101 | this license. 102 | . 103 | The precise terms and conditions for copying, distribution and 104 | modification follow. 105 | . 106 | TERMS AND CONDITIONS 107 | . 108 | 0. Definitions. 109 | . 110 | "This License" refers to version 3 of the GNU Affero General Public License. 111 | . 112 | "Copyright" also means copyright-like laws that apply to other kinds of 113 | works, such as semiconductor masks. 114 | . 115 | "The Program" refers to any copyrightable work licensed under this 116 | License. Each licensee is addressed as "you". "Licensees" and 117 | "recipients" may be individuals or organizations. 118 | . 119 | To "modify" a work means to copy from or adapt all or part of the work 120 | in a fashion requiring copyright permission, other than the making of an 121 | exact copy. The resulting work is called a "modified version" of the 122 | earlier work or a work "based on" the earlier work. 123 | . 124 | A "covered work" means either the unmodified Program or a work based 125 | on the Program. 126 | . 127 | To "propagate" a work means to do anything with it that, without 128 | permission, would make you directly or secondarily liable for 129 | infringement under applicable copyright law, except executing it on a 130 | computer or modifying a private copy. Propagation includes copying, 131 | distribution (with or without modification), making available to the 132 | public, and in some countries other activities as well. 133 | . 134 | To "convey" a work means any kind of propagation that enables other 135 | parties to make or receive copies. Mere interaction with a user through 136 | a computer network, with no transfer of a copy, is not conveying. 137 | . 138 | An interactive user interface displays "Appropriate Legal Notices" 139 | to the extent that it includes a convenient and prominently visible 140 | feature that (1) displays an appropriate copyright notice, and (2) 141 | tells the user that there is no warranty for the work (except to the 142 | extent that warranties are provided), that licensees may convey the 143 | work under this License, and how to view a copy of this License. If 144 | the interface presents a list of user commands or options, such as a 145 | menu, a prominent item in the list meets this criterion. 146 | . 147 | 1. Source Code. 148 | . 149 | The "source code" for a work means the preferred form of the work 150 | for making modifications to it. "Object code" means any non-source 151 | form of a work. 152 | . 153 | A "Standard Interface" means an interface that either is an official 154 | standard defined by a recognized standards body, or, in the case of 155 | interfaces specified for a particular programming language, one that 156 | is widely used among developers working in that language. 157 | . 158 | The "System Libraries" of an executable work include anything, other 159 | than the work as a whole, that (a) is included in the normal form of 160 | packaging a Major Component, but which is not part of that Major 161 | Component, and (b) serves only to enable use of the work with that 162 | Major Component, or to implement a Standard Interface for which an 163 | implementation is available to the public in source code form. A 164 | "Major Component", in this context, means a major essential component 165 | (kernel, window system, and so on) of the specific operating system 166 | (if any) on which the executable work runs, or a compiler used to 167 | produce the work, or an object code interpreter used to run it. 168 | . 169 | The "Corresponding Source" for a work in object code form means all 170 | the source code needed to generate, install, and (for an executable 171 | work) run the object code and to modify the work, including scripts to 172 | control those activities. However, it does not include the work's 173 | System Libraries, or general-purpose tools or generally available free 174 | programs which are used unmodified in performing those activities but 175 | which are not part of the work. For example, Corresponding Source 176 | includes interface definition files associated with source files for 177 | the work, and the source code for shared libraries and dynamically 178 | linked subprograms that the work is specifically designed to require, 179 | such as by intimate data communication or control flow between those 180 | subprograms and other parts of the work. 181 | . 182 | The Corresponding Source need not include anything that users 183 | can regenerate automatically from other parts of the Corresponding 184 | Source. 185 | . 186 | The Corresponding Source for a work in source code form is that 187 | same work. 188 | . 189 | 2. Basic Permissions. 190 | . 191 | All rights granted under this License are granted for the term of 192 | copyright on the Program, and are irrevocable provided the stated 193 | conditions are met. This License explicitly affirms your unlimited 194 | permission to run the unmodified Program. The output from running a 195 | covered work is covered by this License only if the output, given its 196 | content, constitutes a covered work. This License acknowledges your 197 | rights of fair use or other equivalent, as provided by copyright law. 198 | . 199 | You may make, run and propagate covered works that you do not 200 | convey, without conditions so long as your license otherwise remains 201 | in force. You may convey covered works to others for the sole purpose 202 | of having them make modifications exclusively for you, or provide you 203 | with facilities for running those works, provided that you comply with 204 | the terms of this License in conveying all material for which you do 205 | not control copyright. Those thus making or running the covered works 206 | for you must do so exclusively on your behalf, under your direction 207 | and control, on terms that prohibit them from making any copies of 208 | your copyrighted material outside their relationship with you. 209 | . 210 | Conveying under any other circumstances is permitted solely under 211 | the conditions stated below. Sublicensing is not allowed; section 10 212 | makes it unnecessary. 213 | . 214 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 215 | . 216 | No covered work shall be deemed part of an effective technological 217 | measure under any applicable law fulfilling obligations under article 218 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 219 | similar laws prohibiting or restricting circumvention of such 220 | measures. 221 | . 222 | When you convey a covered work, you waive any legal power to forbid 223 | circumvention of technological measures to the extent such circumvention 224 | is effected by exercising rights under this License with respect to 225 | the covered work, and you disclaim any intention to limit operation or 226 | modification of the work as a means of enforcing, against the work's 227 | users, your or third parties' legal rights to forbid circumvention of 228 | technological measures. 229 | . 230 | 4. Conveying Verbatim Copies. 231 | . 232 | You may convey verbatim copies of the Program's source code as you 233 | receive it, in any medium, provided that you conspicuously and 234 | appropriately publish on each copy an appropriate copyright notice; 235 | keep intact all notices stating that this License and any 236 | non-permissive terms added in accord with section 7 apply to the code; 237 | keep intact all notices of the absence of any warranty; and give all 238 | recipients a copy of this License along with the Program. 239 | . 240 | You may charge any price or no price for each copy that you convey, 241 | and you may offer support or warranty protection for a fee. 242 | . 243 | 5. Conveying Modified Source Versions. 244 | . 245 | You may convey a work based on the Program, or the modifications to 246 | produce it from the Program, in the form of source code under the 247 | terms of section 4, provided that you also meet all of these conditions: 248 | . 249 | a) The work must carry prominent notices stating that you modified 250 | it, and giving a relevant date. 251 | . 252 | b) The work must carry prominent notices stating that it is 253 | released under this License and any conditions added under section 254 | 7. This requirement modifies the requirement in section 4 to 255 | "keep intact all notices". 256 | . 257 | c) You must license the entire work, as a whole, under this 258 | License to anyone who comes into possession of a copy. This 259 | License will therefore apply, along with any applicable section 7 260 | additional terms, to the whole of the work, and all its parts, 261 | regardless of how they are packaged. This License gives no 262 | permission to license the work in any other way, but it does not 263 | invalidate such permission if you have separately received it. 264 | . 265 | d) If the work has interactive user interfaces, each must display 266 | Appropriate Legal Notices; however, if the Program has interactive 267 | interfaces that do not display Appropriate Legal Notices, your 268 | work need not make them do so. 269 | . 270 | A compilation of a covered work with other separate and independent 271 | works, which are not by their nature extensions of the covered work, 272 | and which are not combined with it such as to form a larger program, 273 | in or on a volume of a storage or distribution medium, is called an 274 | "aggregate" if the compilation and its resulting copyright are not 275 | used to limit the access or legal rights of the compilation's users 276 | beyond what the individual works permit. Inclusion of a covered work 277 | in an aggregate does not cause this License to apply to the other 278 | parts of the aggregate. 279 | . 280 | 6. Conveying Non-Source Forms. 281 | . 282 | You may convey a covered work in object code form under the terms 283 | of sections 4 and 5, provided that you also convey the 284 | machine-readable Corresponding Source under the terms of this License, 285 | in one of these ways: 286 | . 287 | a) Convey the object code in, or embodied in, a physical product 288 | (including a physical distribution medium), accompanied by the 289 | Corresponding Source fixed on a durable physical medium 290 | customarily used for software interchange. 291 | . 292 | b) Convey the object code in, or embodied in, a physical product 293 | (including a physical distribution medium), accompanied by a 294 | written offer, valid for at least three years and valid for as 295 | long as you offer spare parts or customer support for that product 296 | model, to give anyone who possesses the object code either (1) a 297 | copy of the Corresponding Source for all the software in the 298 | product that is covered by this License, on a durable physical 299 | medium customarily used for software interchange, for a price no 300 | more than your reasonable cost of physically performing this 301 | conveying of source, or (2) access to copy the 302 | Corresponding Source from a network server at no charge. 303 | . 304 | c) Convey individual copies of the object code with a copy of the 305 | written offer to provide the Corresponding Source. This 306 | alternative is allowed only occasionally and noncommercially, and 307 | only if you received the object code with such an offer, in accord 308 | with subsection 6b. 309 | . 310 | d) Convey the object code by offering access from a designated 311 | place (gratis or for a charge), and offer equivalent access to the 312 | Corresponding Source in the same way through the same place at no 313 | further charge. You need not require recipients to copy the 314 | Corresponding Source along with the object code. If the place to 315 | copy the object code is a network server, the Corresponding Source 316 | may be on a different server (operated by you or a third party) 317 | that supports equivalent copying facilities, provided you maintain 318 | clear directions next to the object code saying where to find the 319 | Corresponding Source. Regardless of what server hosts the 320 | Corresponding Source, you remain obligated to ensure that it is 321 | available for as long as needed to satisfy these requirements. 322 | . 323 | e) Convey the object code using peer-to-peer transmission, provided 324 | you inform other peers where the object code and Corresponding 325 | Source of the work are being offered to the general public at no 326 | charge under subsection 6d. 327 | . 328 | A separable portion of the object code, whose source code is excluded 329 | from the Corresponding Source as a System Library, need not be 330 | included in conveying the object code work. 331 | . 332 | A "User Product" is either (1) a "consumer product", which means any 333 | tangible personal property which is normally used for personal, family, 334 | or household purposes, or (2) anything designed or sold for incorporation 335 | into a dwelling. In determining whether a product is a consumer product, 336 | doubtful cases shall be resolved in favor of coverage. For a particular 337 | product received by a particular user, "normally used" refers to a 338 | typical or common use of that class of product, regardless of the status 339 | of the particular user or of the way in which the particular user 340 | actually uses, or expects or is expected to use, the product. A product 341 | is a consumer product regardless of whether the product has substantial 342 | commercial, industrial or non-consumer uses, unless such uses represent 343 | the only significant mode of use of the product. 344 | . 345 | "Installation Information" for a User Product means any methods, 346 | procedures, authorization keys, or other information required to install 347 | and execute modified versions of a covered work in that User Product from 348 | a modified version of its Corresponding Source. The information must 349 | suffice to ensure that the continued functioning of the modified object 350 | code is in no case prevented or interfered with solely because 351 | modification has been made. 352 | . 353 | If you convey an object code work under this section in, or with, or 354 | specifically for use in, a User Product, and the conveying occurs as 355 | part of a transaction in which the right of possession and use of the 356 | User Product is transferred to the recipient in perpetuity or for a 357 | fixed term (regardless of how the transaction is characterized), the 358 | Corresponding Source conveyed under this section must be accompanied 359 | by the Installation Information. But this requirement does not apply 360 | if neither you nor any third party retains the ability to install 361 | modified object code on the User Product (for example, the work has 362 | been installed in ROM). 363 | . 364 | The requirement to provide Installation Information does not include a 365 | requirement to continue to provide support service, warranty, or updates 366 | for a work that has been modified or installed by the recipient, or for 367 | the User Product in which it has been modified or installed. Access to a 368 | network may be denied when the modification itself materially and 369 | adversely affects the operation of the network or violates the rules and 370 | protocols for communication across the network. 371 | . 372 | Corresponding Source conveyed, and Installation Information provided, 373 | in accord with this section must be in a format that is publicly 374 | documented (and with an implementation available to the public in 375 | source code form), and must require no special password or key for 376 | unpacking, reading or copying. 377 | . 378 | 7. Additional Terms. 379 | . 380 | "Additional permissions" are terms that supplement the terms of this 381 | License by making exceptions from one or more of its conditions. 382 | Additional permissions that are applicable to the entire Program shall 383 | be treated as though they were included in this License, to the extent 384 | that they are valid under applicable law. If additional permissions 385 | apply only to part of the Program, that part may be used separately 386 | under those permissions, but the entire Program remains governed by 387 | this License without regard to the additional permissions. 388 | . 389 | When you convey a copy of a covered work, you may at your option 390 | remove any additional permissions from that copy, or from any part of 391 | it. (Additional permissions may be written to require their own 392 | removal in certain cases when you modify the work.) You may place 393 | additional permissions on material, added by you to a covered work, 394 | for which you have or can give appropriate copyright permission. 395 | . 396 | Notwithstanding any other provision of this License, for material you 397 | add to a covered work, you may (if authorized by the copyright holders of 398 | that material) supplement the terms of this License with terms: 399 | . 400 | a) Disclaiming warranty or limiting liability differently from the 401 | terms of sections 15 and 16 of this License; or 402 | . 403 | b) Requiring preservation of specified reasonable legal notices or 404 | author attributions in that material or in the Appropriate Legal 405 | Notices displayed by works containing it; or 406 | . 407 | c) Prohibiting misrepresentation of the origin of that material, or 408 | requiring that modified versions of such material be marked in 409 | reasonable ways as different from the original version; or 410 | . 411 | d) Limiting the use for publicity purposes of names of licensors or 412 | authors of the material; or 413 | . 414 | e) Declining to grant rights under trademark law for use of some 415 | trade names, trademarks, or service marks; or 416 | . 417 | f) Requiring indemnification of licensors and authors of that 418 | material by anyone who conveys the material (or modified versions of 419 | it) with contractual assumptions of liability to the recipient, for 420 | any liability that these contractual assumptions directly impose on 421 | those licensors and authors. 422 | . 423 | All other non-permissive additional terms are considered "further 424 | restrictions" within the meaning of section 10. If the Program as you 425 | received it, or any part of it, contains a notice stating that it is 426 | governed by this License along with a term that is a further 427 | restriction, you may remove that term. If a license document contains 428 | a further restriction but permits relicensing or conveying under this 429 | License, you may add to a covered work material governed by the terms 430 | of that license document, provided that the further restriction does 431 | not survive such relicensing or conveying. 432 | . 433 | If you add terms to a covered work in accord with this section, you 434 | must place, in the relevant source files, a statement of the 435 | additional terms that apply to those files, or a notice indicating 436 | where to find the applicable terms. 437 | . 438 | Additional terms, permissive or non-permissive, may be stated in the 439 | form of a separately written license, or stated as exceptions; 440 | the above requirements apply either way. 441 | . 442 | 8. Termination. 443 | . 444 | You may not propagate or modify a covered work except as expressly 445 | provided under this License. Any attempt otherwise to propagate or 446 | modify it is void, and will automatically terminate your rights under 447 | this License (including any patent licenses granted under the third 448 | paragraph of section 11). 449 | . 450 | However, if you cease all violation of this License, then your 451 | license from a particular copyright holder is reinstated (a) 452 | provisionally, unless and until the copyright holder explicitly and 453 | finally terminates your license, and (b) permanently, if the copyright 454 | holder fails to notify you of the violation by some reasonable means 455 | prior to 60 days after the cessation. 456 | . 457 | Moreover, your license from a particular copyright holder is 458 | reinstated permanently if the copyright holder notifies you of the 459 | violation by some reasonable means, this is the first time you have 460 | received notice of violation of this License (for any work) from that 461 | copyright holder, and you cure the violation prior to 30 days after 462 | your receipt of the notice. 463 | . 464 | Termination of your rights under this section does not terminate the 465 | licenses of parties who have received copies or rights from you under 466 | this License. If your rights have been terminated and not permanently 467 | reinstated, you do not qualify to receive new licenses for the same 468 | material under section 10. 469 | . 470 | 9. Acceptance Not Required for Having Copies. 471 | . 472 | You are not required to accept this License in order to receive or 473 | run a copy of the Program. Ancillary propagation of a covered work 474 | occurring solely as a consequence of using peer-to-peer transmission 475 | to receive a copy likewise does not require acceptance. However, 476 | nothing other than this License grants you permission to propagate or 477 | modify any covered work. These actions infringe copyright if you do 478 | not accept this License. Therefore, by modifying or propagating a 479 | covered work, you indicate your acceptance of this License to do so. 480 | . 481 | 10. Automatic Licensing of Downstream Recipients. 482 | . 483 | Each time you convey a covered work, the recipient automatically 484 | receives a license from the original licensors, to run, modify and 485 | propagate that work, subject to this License. You are not responsible 486 | for enforcing compliance by third parties with this License. 487 | . 488 | An "entity transaction" is a transaction transferring control of an 489 | organization, or substantially all assets of one, or subdividing an 490 | organization, or merging organizations. If propagation of a covered 491 | work results from an entity transaction, each party to that 492 | transaction who receives a copy of the work also receives whatever 493 | licenses to the work the party's predecessor in interest had or could 494 | give under the previous paragraph, plus a right to possession of the 495 | Corresponding Source of the work from the predecessor in interest, if 496 | the predecessor has it or can get it with reasonable efforts. 497 | . 498 | You may not impose any further restrictions on the exercise of the 499 | rights granted or affirmed under this License. For example, you may 500 | not impose a license fee, royalty, or other charge for exercise of 501 | rights granted under this License, and you may not initiate litigation 502 | (including a cross-claim or counterclaim in a lawsuit) alleging that 503 | any patent claim is infringed by making, using, selling, offering for 504 | sale, or importing the Program or any portion of it. 505 | . 506 | 11. Patents. 507 | . 508 | A "contributor" is a copyright holder who authorizes use under this 509 | License of the Program or a work on which the Program is based. The 510 | work thus licensed is called the contributor's "contributor version". 511 | . 512 | A contributor's "essential patent claims" are all patent claims 513 | owned or controlled by the contributor, whether already acquired or 514 | hereafter acquired, that would be infringed by some manner, permitted 515 | by this License, of making, using, or selling its contributor version, 516 | but do not include claims that would be infringed only as a 517 | consequence of further modification of the contributor version. For 518 | purposes of this definition, "control" includes the right to grant 519 | patent sublicenses in a manner consistent with the requirements of 520 | this License. 521 | . 522 | Each contributor grants you a non-exclusive, worldwide, royalty-free 523 | patent license under the contributor's essential patent claims, to 524 | make, use, sell, offer for sale, import and otherwise run, modify and 525 | propagate the contents of its contributor version. 526 | . 527 | In the following three paragraphs, a "patent license" is any express 528 | agreement or commitment, however denominated, not to enforce a patent 529 | (such as an express permission to practice a patent or covenant not to 530 | sue for patent infringement). To "grant" such a patent license to a 531 | party means to make such an agreement or commitment not to enforce a 532 | patent against the party. 533 | . 534 | If you convey a covered work, knowingly relying on a patent license, 535 | and the Corresponding Source of the work is not available for anyone 536 | to copy, free of charge and under the terms of this License, through a 537 | publicly available network server or other readily accessible means, 538 | then you must either (1) cause the Corresponding Source to be so 539 | available, or (2) arrange to deprive yourself of the benefit of the 540 | patent license for this particular work, or (3) arrange, in a manner 541 | consistent with the requirements of this License, to extend the patent 542 | license to downstream recipients. "Knowingly relying" means you have 543 | actual knowledge that, but for the patent license, your conveying the 544 | covered work in a country, or your recipient's use of the covered work 545 | in a country, would infringe one or more identifiable patents in that 546 | country that you have reason to believe are valid. 547 | . 548 | If, pursuant to or in connection with a single transaction or 549 | arrangement, you convey, or propagate by procuring conveyance of, a 550 | covered work, and grant a patent license to some of the parties 551 | receiving the covered work authorizing them to use, propagate, modify 552 | or convey a specific copy of the covered work, then the patent license 553 | you grant is automatically extended to all recipients of the covered 554 | work and works based on it. 555 | . 556 | A patent license is "discriminatory" if it does not include within 557 | the scope of its coverage, prohibits the exercise of, or is 558 | conditioned on the non-exercise of one or more of the rights that are 559 | specifically granted under this License. You may not convey a covered 560 | work if you are a party to an arrangement with a third party that is 561 | in the business of distributing software, under which you make payment 562 | to the third party based on the extent of your activity of conveying 563 | the work, and under which the third party grants, to any of the 564 | parties who would receive the covered work from you, a discriminatory 565 | patent license (a) in connection with copies of the covered work 566 | conveyed by you (or copies made from those copies), or (b) primarily 567 | for and in connection with specific products or compilations that 568 | contain the covered work, unless you entered into that arrangement, 569 | or that patent license was granted, prior to 28 March 2007. 570 | . 571 | Nothing in this License shall be construed as excluding or limiting 572 | any implied license or other defenses to infringement that may 573 | otherwise be available to you under applicable patent law. 574 | . 575 | 12. No Surrender of Others' Freedom. 576 | . 577 | If conditions are imposed on you (whether by court order, agreement or 578 | otherwise) that contradict the conditions of this License, they do not 579 | excuse you from the conditions of this License. If you cannot convey a 580 | covered work so as to satisfy simultaneously your obligations under this 581 | License and any other pertinent obligations, then as a consequence you may 582 | not convey it at all. For example, if you agree to terms that obligate you 583 | to collect a royalty for further conveying from those to whom you convey 584 | the Program, the only way you could satisfy both those terms and this 585 | License would be to refrain entirely from conveying the Program. 586 | . 587 | 13. Remote Network Interaction; Use with the GNU General Public License. 588 | . 589 | Notwithstanding any other provision of this License, if you modify the 590 | Program, your modified version must prominently offer all users 591 | interacting with it remotely through a computer network (if your version 592 | supports such interaction) an opportunity to receive the Corresponding 593 | Source of your version by providing access to the Corresponding Source 594 | from a network server at no charge, through some standard or customary 595 | means of facilitating copying of software. This Corresponding Source 596 | shall include the Corresponding Source for any work covered by version 3 597 | of the GNU General Public License that is incorporated pursuant to the 598 | following paragraph. 599 | . 600 | Notwithstanding any other provision of this License, you have 601 | permission to link or combine any covered work with a work licensed 602 | under version 3 of the GNU General Public License into a single 603 | combined work, and to convey the resulting work. The terms of this 604 | License will continue to apply to the part which is the covered work, 605 | but the work with which it is combined will remain governed by version 606 | 3 of the GNU General Public License. 607 | . 608 | 14. Revised Versions of this License. 609 | . 610 | The Free Software Foundation may publish revised and/or new versions of 611 | the GNU Affero General Public License from time to time. Such new versions 612 | will be similar in spirit to the present version, but may differ in detail to 613 | address new problems or concerns. 614 | . 615 | Each version is given a distinguishing version number. If the 616 | Program specifies that a certain numbered version of the GNU Affero General 617 | Public License "or any later version" applies to it, you have the 618 | option of following the terms and conditions either of that numbered 619 | version or of any later version published by the Free Software 620 | Foundation. If the Program does not specify a version number of the 621 | GNU Affero General Public License, you may choose any version ever published 622 | by the Free Software Foundation. 623 | . 624 | If the Program specifies that a proxy can decide which future 625 | versions of the GNU Affero General Public License can be used, that proxy's 626 | public statement of acceptance of a version permanently authorizes you 627 | to choose that version for the Program. 628 | . 629 | Later license versions may give you additional or different 630 | permissions. However, no additional obligations are imposed on any 631 | author or copyright holder as a result of your choosing to follow a 632 | later version. 633 | . 634 | 15. Disclaimer of Warranty. 635 | . 636 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 637 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 638 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 639 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 640 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 641 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 642 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 643 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 644 | . 645 | 16. Limitation of Liability. 646 | . 647 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 648 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 649 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 650 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 651 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 652 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 653 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 654 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 655 | SUCH DAMAGES. 656 | . 657 | 17. Interpretation of Sections 15 and 16. 658 | . 659 | If the disclaimer of warranty and limitation of liability provided 660 | above cannot be given local legal effect according to their terms, 661 | reviewing courts shall apply local law that most closely approximates 662 | an absolute waiver of all civil liability in connection with the 663 | Program, unless a warranty or assumption of liability accompanies a 664 | copy of the Program in return for a fee. 665 | . 666 | END OF TERMS AND CONDITIONS 667 | . 668 | How to Apply These Terms to Your New Programs 669 | . 670 | If you develop a new program, and you want it to be of the greatest 671 | possible use to the public, the best way to achieve this is to make it 672 | free software which everyone can redistribute and change under these terms. 673 | . 674 | To do so, attach the following notices to the program. It is safest 675 | to attach them to the start of each source file to most effectively 676 | state the exclusion of warranty; and each file should have at least 677 | the "copyright" line and a pointer to where the full notice is found. 678 | . 679 | 680 | Copyright (C) 681 | . 682 | This program is free software: you can redistribute it and/or modify 683 | it under the terms of the GNU Affero General Public License as published by 684 | the Free Software Foundation, either version 3 of the License, or 685 | (at your option) any later version. 686 | . 687 | This program is distributed in the hope that it will be useful, 688 | but WITHOUT ANY WARRANTY; without even the implied warranty of 689 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 690 | GNU Affero General Public License for more details. 691 | . 692 | You should have received a copy of the GNU Affero General Public License 693 | along with this program. If not, see . 694 | . 695 | Also add information on how to contact you by electronic and paper mail. 696 | . 697 | If your software can interact with users remotely through a computer 698 | network, you should also make sure that it provides a way for users to 699 | get its source. For example, if your program is a web application, its 700 | interface could display a "Source" link that leads users to an archive 701 | of the code. There are many ways you could offer source, and different 702 | solutions will be better for different programs; see section 13 for the 703 | specific requirements. 704 | . 705 | You should also get your employer (if you work as a programmer) or school, 706 | if any, to sign a "copyright disclaimer" for the program, if necessary. 707 | For more information on this, and how to apply and follow the GNU AGPL, see 708 | . 709 | 710 | License: OFL-1.1 711 | ----------------------------------------------------------- 712 | SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007 713 | ----------------------------------------------------------- 714 | . 715 | PREAMBLE 716 | The goals of the Open Font License (OFL) are to stimulate worldwide 717 | development of collaborative font projects, to support the font creation 718 | efforts of academic and linguistic communities, and to provide a free and 719 | open framework in which fonts may be shared and improved in partnership 720 | with others. 721 | . 722 | The OFL allows the licensed fonts to be used, studied, modified and 723 | redistributed freely as long as they are not sold by themselves. The 724 | fonts, including any derivative works, can be bundled, embedded, 725 | redistributed and/or sold with any software provided that any reserved 726 | names are not used by derivative works. The fonts and derivatives, 727 | however, cannot be released under any other type of license. The 728 | requirement for fonts to remain under this license does not apply 729 | to any document created using the fonts or their derivatives. 730 | . 731 | DEFINITIONS 732 | "Font Software" refers to the set of files released by the Copyright 733 | Holder(s) under this license and clearly marked as such. This may 734 | include source files, build scripts and documentation. 735 | . 736 | "Reserved Font Name" refers to any names specified as such after the 737 | copyright statement(s). 738 | . 739 | "Original Version" refers to the collection of Font Software components as 740 | distributed by the Copyright Holder(s). 741 | . 742 | "Modified Version" refers to any derivative made by adding to, deleting, 743 | or substituting -- in part or in whole -- any of the components of the 744 | Original Version, by changing formats or by porting the Font Software to a 745 | new environment. 746 | . 747 | "Author" refers to any designer, engineer, programmer, technical 748 | writer or other person who contributed to the Font Software. 749 | . 750 | PERMISSION & CONDITIONS 751 | Permission is hereby granted, free of charge, to any person obtaining 752 | a copy of the Font Software, to use, study, copy, merge, embed, modify, 753 | redistribute, and sell modified and unmodified copies of the Font 754 | Software, subject to the following conditions: 755 | . 756 | 1) Neither the Font Software nor any of its individual components, 757 | in Original or Modified Versions, may be sold by itself. 758 | . 759 | 2) Original or Modified Versions of the Font Software may be bundled, 760 | redistributed and/or sold with any software, provided that each copy 761 | contains the above copyright notice and this license. These can be 762 | included either as stand-alone text files, human-readable headers or 763 | in the appropriate machine-readable metadata fields within text or 764 | binary files as long as those fields can be easily viewed by the user. 765 | . 766 | 3) No Modified Version of the Font Software may use the Reserved Font 767 | Name(s) unless explicit written permission is granted by the corresponding 768 | Copyright Holder. This restriction only applies to the primary font name as 769 | presented to the users. 770 | . 771 | 4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font 772 | Software shall not be used to promote, endorse or advertise any 773 | Modified Version, except to acknowledge the contribution(s) of the 774 | Copyright Holder(s) and the Author(s) or with their explicit written 775 | permission. 776 | . 777 | 5) The Font Software, modified or unmodified, in part or in whole, 778 | must be distributed entirely under this license, and must not be 779 | distributed under any other license. The requirement for fonts to 780 | remain under this license does not apply to any document created 781 | using the Font Software. 782 | . 783 | TERMINATION 784 | This license becomes null and void if any of the above conditions are 785 | not met. 786 | . 787 | DISCLAIMER 788 | THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 789 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF 790 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT 791 | OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE 792 | COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 793 | INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL 794 | DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 795 | FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM 796 | OTHER DEALINGS IN THE FONT SOFTWARE. 797 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | all : 2 | grub-mkfont --name='Terminus-grub' --size=14 --output='boot/grub/themes/dist-common/terminus-grub_14.pf2' '/usr/share/fonts/opentype/terminus/terminus-normal.otb' 3 | grub-mkfont --name='Inter-grub' --size=20 --output='boot/grub/themes/dist-common/inter-grub_regular_20.pf2' '/usr/share/fonts/opentype/inter/Inter-Regular.otf' 4 | grub-mkfont --name='Inter-grub' --size=17 --output='boot/grub/themes/dist-common/inter-grub_regular_17.pf2' '/usr/share/fonts/opentype/inter/Inter-Regular.otf' 5 | grub-mkfont --name='Inter-grub' --size=34 --output='boot/grub/themes/dist-common/inter-grub_bold_34.pf2' '/usr/share/fonts/opentype/inter/Inter-Bold.otf' 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # base files for distributions # 2 | 3 | Grub config for more organized boot menu. 4 | "Normal" boot options are on top. 5 | "Advanced" boot options (for older kernel versions) have been moved to the 6 | bottom. 7 | 8 | Creates user `user` with empty password (passwordless) (not in Qubes). 9 | That is if user `user` is not existing yet. 10 | And if it does create user `user` it also locks the root account. 11 | Therefore root account locking effectively only happens in new 12 | builds not having user `user` already created. 13 | 14 | Creates system groups: 15 | * console 16 | * ssh 17 | 18 | Ships a systemd unit file dist-skel-first-boot.service 19 | which runs `/usr/libexec/helper-scripts/first-boot-skel` 20 | (part of helper-scripts) package. 21 | 22 | Simplifies sudo default lecture to only showing the default password once. 23 | 24 | Creates version file `/var/lib/dist-base-files/build_version`. 25 | 26 | Default shell: Sets default shell for user `user` to `zsh`. 27 | (Unless file `/etc/no-shell-change` exists.) 28 | `debian/dist-base-files.postinst` 29 | 30 | Provides common files for derivative GRUB themes. 31 | 32 | This package gets installed by default in both, Kicksecure and Whonix. 33 | 34 | ## How to install `dist-base-files` using apt-get ## 35 | 36 | 1\. Download the APT Signing Key. 37 | 38 | ``` 39 | wget https://www.kicksecure.com/keys/derivative.asc 40 | ``` 41 | 42 | Users can [check the Signing Key](https://www.kicksecure.com/wiki/Signing_Key) for better security. 43 | 44 | 2\. Add the APT Signing Key. 45 | 46 | ``` 47 | sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc 48 | ``` 49 | 50 | 3\. Add the derivative repository. 51 | 52 | ``` 53 | echo "deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.kicksecure.com bookworm main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list 54 | ``` 55 | 56 | 4\. Update your package lists. 57 | 58 | ``` 59 | sudo apt-get update 60 | ``` 61 | 62 | 5\. Install `dist-base-files`. 63 | 64 | ``` 65 | sudo apt-get install dist-base-files 66 | ``` 67 | 68 | ## How to Build deb Package from Source Code ## 69 | 70 | Can be build using standard Debian package build tools such as: 71 | 72 | ``` 73 | dpkg-buildpackage -b 74 | ``` 75 | 76 | See instructions. 77 | 78 | NOTE: Replace `generic-package` with the actual name of this package `dist-base-files`. 79 | 80 | * **A)** [easy](https://www.kicksecure.com/wiki/Dev/Build_Documentation/generic-package/easy), _OR_ 81 | * **B)** [including verifying software signatures](https://www.kicksecure.com/wiki/Dev/Build_Documentation/generic-package) 82 | 83 | ## Contact ## 84 | 85 | * [Free Forum Support](https://forums.kicksecure.com) 86 | * [Premium Support](https://www.kicksecure.com/wiki/Premium_Support) 87 | 88 | ## Donate ## 89 | 90 | `dist-base-files` requires [donations](https://www.kicksecure.com/wiki/Donate) to stay alive! 91 | -------------------------------------------------------------------------------- /auto-generated-man-pages/dist-info.8: -------------------------------------------------------------------------------- 1 | .\" generated with Ronn-NG/v0.9.1 2 | .\" http://github.com/apjanke/ronn-ng/tree/0.9.1 3 | .TH "DIST\-INFO" "8" "January 2020" "dist-base-files" "dist-base-files Manual" 4 | .SH "NAME" 5 | \fBdist\-info\fR \- output build version and build timestamp 6 | .SH "SYNOPSIS" 7 | \fBdist\-info\fR 8 | .SH "DESCRIPTION" 9 | Outputs build version and build timestamp\. 10 | .SH "AUTHOR" 11 | This man page has been written by Patrick Schleizer (adrelanos@whonix\.org)\. 12 | -------------------------------------------------------------------------------- /auto-generated-man-pages/dsudo.8: -------------------------------------------------------------------------------- 1 | .\" generated with Ronn-NG/v0.9.1 2 | .\" http://github.com/apjanke/ronn-ng/tree/0.9.1 3 | .TH "DSUDO" "8" "January 2020" "dist-base-files" "dist-base-files Manual" 4 | .SH "NAME" 5 | \fBdsudo\fR \- default password sudo 6 | .SH "SYNOPSIS" 7 | \fBdsudo [OPTIONS]\fR 8 | .SH "DESCRIPTION" 9 | Runs \fBsudo\fR default password "changeme"\. 10 | .P 11 | Forwards all environment variables and parameters to \fBsudo\fR\. 12 | .P 13 | Sets \fBSUDO_ASKPASS=/usr/libexec/derivative\-base\-files/askpass\-default\fR which sets \fBsudo_password=changeme\fR \- unless environment variable \fBsudo_password\fR is already set to something else\. 14 | .P 15 | Useful for testing\. 16 | .SH "AUTHOR" 17 | This man page has been written by Patrick Schleizer (adrelanos@whonix\.org)\. 18 | -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/inter-grub_bold_34.pf2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/inter-grub_bold_34.pf2 -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/inter-grub_regular_17.pf2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/inter-grub_regular_17.pf2 -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/inter-grub_regular_20.pf2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/inter-grub_regular_20.pf2 -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/select_c.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/select_c.png -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/select_e.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/select_e.png -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/select_w.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/select_w.png -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/terminal_box_c.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/terminal_box_c.png -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/terminal_box_e.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/terminal_box_e.png -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/terminal_box_n.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/terminal_box_n.png -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/terminal_box_ne.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/terminal_box_ne.png -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/terminal_box_nw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/terminal_box_nw.png -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/terminal_box_s.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/terminal_box_s.png -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/terminal_box_se.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/terminal_box_se.png -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/terminal_box_sw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/terminal_box_sw.png -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/terminal_box_w.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/terminal_box_w.png -------------------------------------------------------------------------------- /boot/grub/themes/dist-common/terminus-grub_14.pf2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/boot/grub/themes/dist-common/terminus-grub_14.pf2 -------------------------------------------------------------------------------- /debian/changelog: -------------------------------------------------------------------------------- 1 | dist-base-files (3:13.8-1) unstable; urgency=medium 2 | 3 | * New upstream version (local package). 4 | 5 | -- Patrick Schleizer Tue, 29 Apr 2025 09:12:38 +0000 6 | 7 | dist-base-files (3:13.7-1) unstable; urgency=medium 8 | 9 | * New upstream version (local package). 10 | 11 | -- Patrick Schleizer Tue, 29 Apr 2025 03:53:05 +0000 12 | 13 | dist-base-files (3:13.6-1) unstable; urgency=medium 14 | 15 | * New upstream version (local package). 16 | 17 | -- Patrick Schleizer Wed, 16 Apr 2025 22:46:26 +0000 18 | 19 | dist-base-files (3:13.5-1) unstable; urgency=medium 20 | 21 | * New upstream version (local package). 22 | 23 | -- Patrick Schleizer Tue, 15 Apr 2025 20:58:24 +0000 24 | 25 | dist-base-files (3:13.4-1) unstable; urgency=medium 26 | 27 | * New upstream version (local package). 28 | 29 | -- Patrick Schleizer Thu, 10 Apr 2025 11:36:55 +0000 30 | 31 | dist-base-files (3:13.3-1) unstable; urgency=medium 32 | 33 | * New upstream version (local package). 34 | 35 | -- Patrick Schleizer Wed, 09 Apr 2025 15:14:17 +0000 36 | 37 | dist-base-files (3:13.2-1) unstable; urgency=medium 38 | 39 | * New upstream version (local package). 40 | 41 | -- Patrick Schleizer Tue, 08 Apr 2025 14:06:47 +0000 42 | 43 | dist-base-files (3:13.1-1) unstable; urgency=medium 44 | 45 | * New upstream version (local package). 46 | 47 | -- Patrick Schleizer Thu, 03 Apr 2025 17:00:31 +0000 48 | 49 | dist-base-files (3:13.0-1) unstable; urgency=medium 50 | 51 | * New upstream version (local package). 52 | 53 | -- Patrick Schleizer Tue, 01 Apr 2025 14:14:22 +0000 54 | 55 | dist-base-files (3:12.9-1) unstable; urgency=medium 56 | 57 | * New upstream version (local package). 58 | 59 | -- Patrick Schleizer Wed, 26 Mar 2025 09:15:12 +0000 60 | 61 | dist-base-files (3:12.8-1) unstable; urgency=medium 62 | 63 | * New upstream version (local package). 64 | 65 | -- Patrick Schleizer Tue, 25 Mar 2025 13:31:50 +0000 66 | 67 | dist-base-files (3:12.7-1) unstable; urgency=medium 68 | 69 | * New upstream version (local package). 70 | 71 | -- Patrick Schleizer Wed, 19 Mar 2025 10:34:29 +0000 72 | 73 | dist-base-files (3:12.6-1) unstable; urgency=medium 74 | 75 | * New upstream version (local package). 76 | 77 | -- Patrick Schleizer Sat, 15 Mar 2025 10:50:42 +0000 78 | 79 | dist-base-files (3:12.5-1) unstable; urgency=medium 80 | 81 | * New upstream version (local package). 82 | 83 | -- Patrick Schleizer Thu, 13 Feb 2025 23:03:30 +0000 84 | 85 | dist-base-files (3:12.4-1) unstable; urgency=medium 86 | 87 | * New upstream version (local package). 88 | 89 | -- Patrick Schleizer Mon, 10 Feb 2025 11:18:33 +0000 90 | 91 | dist-base-files (3:12.3-1) unstable; urgency=medium 92 | 93 | * New upstream version (local package). 94 | 95 | -- Patrick Schleizer Thu, 23 Jan 2025 16:19:09 +0000 96 | 97 | dist-base-files (3:12.2-1) unstable; urgency=medium 98 | 99 | * New upstream version (local package). 100 | 101 | -- Patrick Schleizer Mon, 06 Jan 2025 13:12:31 +0000 102 | 103 | dist-base-files (3:12.1-1) unstable; urgency=medium 104 | 105 | * New upstream version (local package). 106 | 107 | -- Patrick Schleizer Mon, 06 Jan 2025 13:05:10 +0000 108 | 109 | dist-base-files (3:12.0-1) unstable; urgency=medium 110 | 111 | * New upstream version (local package). 112 | 113 | -- Patrick Schleizer Tue, 31 Dec 2024 18:32:11 +0000 114 | 115 | dist-base-files (3:11.9-1) unstable; urgency=medium 116 | 117 | * New upstream version (local package). 118 | 119 | -- Patrick Schleizer Tue, 31 Dec 2024 14:43:31 +0000 120 | 121 | dist-base-files (3:11.8-1) unstable; urgency=medium 122 | 123 | * New upstream version (local package). 124 | 125 | -- Patrick Schleizer Tue, 31 Dec 2024 14:09:09 +0000 126 | 127 | dist-base-files (3:11.7-1) unstable; urgency=medium 128 | 129 | * New upstream version (local package). 130 | 131 | -- Patrick Schleizer Tue, 31 Dec 2024 07:14:01 +0000 132 | 133 | dist-base-files (3:11.6-1) unstable; urgency=medium 134 | 135 | * New upstream version (local package). 136 | 137 | -- Patrick Schleizer Mon, 30 Dec 2024 12:24:27 +0000 138 | 139 | dist-base-files (3:11.5-1) unstable; urgency=medium 140 | 141 | * New upstream version (local package). 142 | 143 | -- Patrick Schleizer Mon, 30 Dec 2024 06:36:12 +0000 144 | 145 | dist-base-files (3:11.4-1) unstable; urgency=medium 146 | 147 | * New upstream version (local package). 148 | 149 | -- Patrick Schleizer Thu, 19 Dec 2024 06:56:50 +0000 150 | 151 | dist-base-files (3:11.3-1) unstable; urgency=medium 152 | 153 | * New upstream version (local package). 154 | 155 | -- Patrick Schleizer Thu, 12 Dec 2024 19:47:48 +0000 156 | 157 | dist-base-files (3:11.2-1) unstable; urgency=medium 158 | 159 | * New upstream version (local package). 160 | 161 | -- Patrick Schleizer Mon, 11 Nov 2024 14:55:47 +0000 162 | 163 | dist-base-files (3:11.1-1) unstable; urgency=medium 164 | 165 | * New upstream version (local package). 166 | 167 | -- Patrick Schleizer Sun, 10 Nov 2024 12:37:07 +0000 168 | 169 | dist-base-files (3:11.0-1) unstable; urgency=medium 170 | 171 | * New upstream version (local package). 172 | 173 | -- Patrick Schleizer Mon, 02 Sep 2024 21:21:01 +0000 174 | 175 | dist-base-files (3:10.9-1) unstable; urgency=medium 176 | 177 | * New upstream version (local package). 178 | 179 | -- Patrick Schleizer Wed, 31 Jul 2024 12:51:33 +0000 180 | 181 | dist-base-files (3:10.8-1) unstable; urgency=medium 182 | 183 | * New upstream version (local package). 184 | 185 | -- Patrick Schleizer Sun, 28 Jul 2024 23:19:13 +0000 186 | 187 | dist-base-files (3:10.7-1) unstable; urgency=medium 188 | 189 | * New upstream version (local package). 190 | 191 | -- Patrick Schleizer Mon, 15 Apr 2024 14:54:24 +0000 192 | 193 | dist-base-files (3:10.6-1) unstable; urgency=medium 194 | 195 | * New upstream version (local package). 196 | 197 | -- Patrick Schleizer Sat, 13 Apr 2024 12:00:23 +0000 198 | 199 | dist-base-files (3:10.5-1) unstable; urgency=medium 200 | 201 | * New upstream version (local package). 202 | 203 | -- Patrick Schleizer Fri, 02 Feb 2024 12:34:37 +0000 204 | 205 | dist-base-files (3:10.4-1) unstable; urgency=medium 206 | 207 | * New upstream version (local package). 208 | 209 | -- Patrick Schleizer Mon, 22 Jan 2024 12:39:52 +0000 210 | 211 | dist-base-files (3:10.3-1) unstable; urgency=medium 212 | 213 | * New upstream version (local package). 214 | 215 | -- Patrick Schleizer Sat, 11 Nov 2023 20:14:34 +0000 216 | 217 | dist-base-files (3:10.2-1) unstable; urgency=medium 218 | 219 | * New upstream version (local package). 220 | 221 | -- Patrick Schleizer Tue, 22 Aug 2023 13:44:14 +0000 222 | 223 | dist-base-files (3:10.1-1) unstable; urgency=medium 224 | 225 | * New upstream version (local package). 226 | 227 | -- Patrick Schleizer Fri, 21 Jul 2023 10:04:32 +0000 228 | 229 | dist-base-files (3:10.0-1) unstable; urgency=medium 230 | 231 | * New upstream version (local package). 232 | 233 | -- Patrick Schleizer Mon, 17 Jul 2023 15:33:47 +0000 234 | 235 | dist-base-files (3:9.9-1) unstable; urgency=medium 236 | 237 | * New upstream version (local package). 238 | 239 | -- Patrick Schleizer Fri, 14 Jul 2023 12:20:39 +0000 240 | 241 | dist-base-files (3:9.8-1) unstable; urgency=medium 242 | 243 | * New upstream version (local package). 244 | 245 | -- Patrick Schleizer Fri, 14 Jul 2023 10:50:49 +0000 246 | 247 | dist-base-files (3:9.7-1) unstable; urgency=medium 248 | 249 | * New upstream version (local package). 250 | 251 | -- Patrick Schleizer Mon, 10 Jul 2023 21:31:56 +0000 252 | 253 | dist-base-files (3:9.6-1) unstable; urgency=medium 254 | 255 | * New upstream version (local package). 256 | 257 | -- Patrick Schleizer Sun, 09 Jul 2023 19:04:49 +0000 258 | 259 | dist-base-files (3:9.5-1) unstable; urgency=medium 260 | 261 | * New upstream version (local package). 262 | 263 | -- Patrick Schleizer Sun, 09 Jul 2023 15:32:32 +0000 264 | 265 | dist-base-files (3:9.4-1) unstable; urgency=medium 266 | 267 | * New upstream version (local package). 268 | 269 | -- Patrick Schleizer Fri, 23 Jun 2023 08:17:21 +0000 270 | 271 | dist-base-files (3:9.3-1) unstable; urgency=medium 272 | 273 | * New upstream version (local package). 274 | 275 | -- Patrick Schleizer Wed, 21 Jun 2023 09:15:21 +0000 276 | 277 | dist-base-files (3:9.2-1) unstable; urgency=medium 278 | 279 | * New upstream version (local package). 280 | 281 | -- Patrick Schleizer Fri, 16 Jun 2023 10:52:12 +0000 282 | 283 | dist-base-files (3:9.1-1) unstable; urgency=medium 284 | 285 | * New upstream version (local package). 286 | 287 | -- Patrick Schleizer Thu, 15 Jun 2023 17:00:12 +0000 288 | 289 | dist-base-files (3:9.0-1) unstable; urgency=medium 290 | 291 | * New upstream version (local package). 292 | 293 | -- Patrick Schleizer Mon, 12 Jun 2023 17:50:43 +0000 294 | 295 | dist-base-files (3:8.9-1) unstable; urgency=medium 296 | 297 | * New upstream version (local package). 298 | 299 | -- Patrick Schleizer Mon, 12 Jun 2023 15:16:46 +0000 300 | 301 | dist-base-files (3:8.8-1) unstable; urgency=medium 302 | 303 | * New upstream version (local package). 304 | 305 | -- Patrick Schleizer Sat, 15 Oct 2022 22:48:37 +0000 306 | 307 | dist-base-files (3:8.7-1) unstable; urgency=medium 308 | 309 | * New upstream version (local package). 310 | 311 | -- Patrick Schleizer Sat, 15 Oct 2022 15:56:41 +0000 312 | 313 | dist-base-files (3:8.6-1) unstable; urgency=medium 314 | 315 | * New upstream version (local package). 316 | 317 | -- Patrick Schleizer Sat, 01 Oct 2022 14:28:26 +0000 318 | 319 | dist-base-files (3:8.5-1) unstable; urgency=medium 320 | 321 | * New upstream version (local package). 322 | 323 | -- Patrick Schleizer Fri, 30 Sep 2022 12:43:57 +0000 324 | 325 | dist-base-files (3:8.4-1) unstable; urgency=medium 326 | 327 | * New upstream version (local package). 328 | 329 | -- Patrick Schleizer Sat, 13 Aug 2022 15:38:34 +0000 330 | 331 | dist-base-files (3:8.3-1) unstable; urgency=medium 332 | 333 | * New upstream version (local package). 334 | 335 | -- Patrick Schleizer Wed, 08 Jun 2022 14:29:26 +0000 336 | 337 | dist-base-files (3:8.2-1) unstable; urgency=medium 338 | 339 | * New upstream version (local package). 340 | 341 | -- Patrick Schleizer Wed, 25 May 2022 10:05:45 +0000 342 | 343 | dist-base-files (3:8.1-1) unstable; urgency=medium 344 | 345 | * New upstream version (local package). 346 | 347 | -- Patrick Schleizer Sat, 11 Sep 2021 22:40:33 +0000 348 | 349 | dist-base-files (3:8.0-1) unstable; urgency=medium 350 | 351 | * New upstream version (local package). 352 | 353 | -- Patrick Schleizer Thu, 05 Aug 2021 20:40:34 +0000 354 | 355 | dist-base-files (3:7.9-1) unstable; urgency=medium 356 | 357 | * New upstream version (local package). 358 | 359 | -- Patrick Schleizer Tue, 23 Mar 2021 11:46:29 +0000 360 | 361 | dist-base-files (3:7.8-1) unstable; urgency=medium 362 | 363 | * New upstream version (local package). 364 | 365 | -- Patrick Schleizer Thu, 18 Mar 2021 13:03:19 +0000 366 | 367 | dist-base-files (3:7.7-1) unstable; urgency=medium 368 | 369 | * New upstream version (local package). 370 | 371 | -- Patrick Schleizer Thu, 18 Mar 2021 11:43:10 +0000 372 | 373 | dist-base-files (3:7.6-1) unstable; urgency=medium 374 | 375 | * New upstream version (local package). 376 | 377 | -- Patrick Schleizer Wed, 17 Mar 2021 15:06:38 +0000 378 | 379 | dist-base-files (3:7.5-1) unstable; urgency=medium 380 | 381 | * New upstream version (local package). 382 | 383 | -- Patrick Schleizer Sat, 11 Jul 2020 18:49:43 +0000 384 | 385 | dist-base-files (3:7.4-1) unstable; urgency=medium 386 | 387 | * New upstream version (local package). 388 | 389 | -- Patrick Schleizer Sat, 11 Jul 2020 17:40:29 +0000 390 | 391 | dist-base-files (3:7.3-1) unstable; urgency=medium 392 | 393 | * New upstream version (local package). 394 | 395 | -- Patrick Schleizer Thu, 16 Apr 2020 21:00:36 +0000 396 | 397 | dist-base-files (3:7.2-1) unstable; urgency=medium 398 | 399 | * New upstream version (local package). 400 | 401 | -- Patrick Schleizer Thu, 16 Apr 2020 12:30:08 +0000 402 | 403 | dist-base-files (3:7.1-1) unstable; urgency=medium 404 | 405 | * New upstream version (local package). 406 | 407 | -- Patrick Schleizer Thu, 09 Apr 2020 12:41:49 +0000 408 | 409 | dist-base-files (3:7.0-1) unstable; urgency=medium 410 | 411 | * New upstream version (local package). 412 | 413 | -- Patrick Schleizer Thu, 09 Apr 2020 10:16:52 +0000 414 | 415 | dist-base-files (3:6.9-1) unstable; urgency=medium 416 | 417 | * New upstream version (local package). 418 | 419 | -- Patrick Schleizer Thu, 09 Apr 2020 09:41:49 +0000 420 | 421 | dist-base-files (3:6.8-1) unstable; urgency=medium 422 | 423 | * New upstream version (local package). 424 | 425 | -- Patrick Schleizer Wed, 08 Apr 2020 18:28:50 +0000 426 | 427 | dist-base-files (3:6.7-1) unstable; urgency=medium 428 | 429 | * New upstream version (local package). 430 | 431 | -- Patrick Schleizer Wed, 08 Apr 2020 17:56:11 +0000 432 | 433 | dist-base-files (3:6.6-1) unstable; urgency=medium 434 | 435 | * New upstream version (local package). 436 | 437 | -- Patrick Schleizer Wed, 08 Apr 2020 17:41:31 +0000 438 | 439 | dist-base-files (3:6.5-1) unstable; urgency=medium 440 | 441 | * New upstream version (local package). 442 | 443 | -- Patrick Schleizer Wed, 08 Apr 2020 17:12:03 +0000 444 | 445 | dist-base-files (3:6.4-1) unstable; urgency=medium 446 | 447 | * New upstream version (local package). 448 | 449 | -- Patrick Schleizer Wed, 08 Apr 2020 16:21:50 +0000 450 | 451 | dist-base-files (3:6.3-1) unstable; urgency=medium 452 | 453 | * New upstream version (local package). 454 | 455 | -- Patrick Schleizer Wed, 08 Apr 2020 13:20:10 +0000 456 | 457 | dist-base-files (3:6.2-1) unstable; urgency=medium 458 | 459 | * New upstream version (local package). 460 | 461 | -- Patrick Schleizer Wed, 08 Apr 2020 12:49:55 +0000 462 | 463 | dist-base-files (3:6.1-1) unstable; urgency=medium 464 | 465 | * New upstream version (local package). 466 | 467 | -- Patrick Schleizer Wed, 08 Apr 2020 10:30:06 +0000 468 | 469 | dist-base-files (3:6.0-1) unstable; urgency=medium 470 | 471 | * New upstream version (local package). 472 | 473 | -- Patrick Schleizer Wed, 08 Apr 2020 09:42:24 +0000 474 | 475 | dist-base-files (3:5.9-1) unstable; urgency=medium 476 | 477 | * New upstream version (local package). 478 | 479 | -- Patrick Schleizer Thu, 02 Apr 2020 11:24:20 +0000 480 | 481 | dist-base-files (3:5.8-1) unstable; urgency=medium 482 | 483 | * New upstream version (local package). 484 | 485 | -- Patrick Schleizer Wed, 01 Apr 2020 14:14:48 +0000 486 | 487 | dist-base-files (3:5.7-1) unstable; urgency=medium 488 | 489 | * New upstream version (local package). 490 | 491 | -- Patrick Schleizer Mon, 30 Mar 2020 22:40:00 +0000 492 | 493 | dist-base-files (3:5.6-1) unstable; urgency=medium 494 | 495 | * New upstream version (local package). 496 | 497 | -- Patrick Schleizer Mon, 30 Mar 2020 21:32:31 +0000 498 | 499 | dist-base-files (3:5.5-1) unstable; urgency=medium 500 | 501 | * New upstream version (local package). 502 | 503 | -- Patrick Schleizer Sun, 15 Mar 2020 20:06:51 +0000 504 | 505 | dist-base-files (3:5.4-1) unstable; urgency=medium 506 | 507 | * New upstream version (local package). 508 | 509 | -- Patrick Schleizer Sun, 15 Mar 2020 20:04:20 +0000 510 | 511 | dist-base-files (3:5.3-1) unstable; urgency=medium 512 | 513 | * New upstream version (local package). 514 | 515 | -- Patrick Schleizer Fri, 06 Mar 2020 14:04:43 +0000 516 | 517 | dist-base-files (3:5.2-1) unstable; urgency=medium 518 | 519 | * New upstream version (local package). 520 | 521 | -- Patrick Schleizer Fri, 17 Jan 2020 10:34:58 +0000 522 | 523 | dist-base-files (3:5.1-1) unstable; urgency=medium 524 | 525 | * New upstream version (local package). 526 | 527 | -- Patrick Schleizer Wed, 15 Jan 2020 15:09:02 +0000 528 | 529 | dist-base-files (3:5.0-1) unstable; urgency=medium 530 | 531 | * New upstream version (local package). 532 | 533 | -- Patrick Schleizer Mon, 16 Dec 2019 11:24:21 +0000 534 | 535 | dist-base-files (3:4.9-1) unstable; urgency=medium 536 | 537 | * New upstream version (local package). 538 | 539 | -- Patrick Schleizer Thu, 12 Dec 2019 13:02:47 +0000 540 | 541 | dist-base-files (3:4.8-1) unstable; urgency=medium 542 | 543 | * New upstream version (local package). 544 | 545 | -- Patrick Schleizer Sun, 08 Dec 2019 09:26:08 +0000 546 | 547 | dist-base-files (3:4.7-1) unstable; urgency=medium 548 | 549 | * New upstream version (local package). 550 | 551 | -- Patrick Schleizer Sun, 08 Dec 2019 09:03:07 +0000 552 | 553 | dist-base-files (3:4.6-1) unstable; urgency=medium 554 | 555 | * New upstream version (local package). 556 | 557 | -- Patrick Schleizer Tue, 22 Oct 2019 06:31:23 +0000 558 | 559 | dist-base-files (3:4.5-1) unstable; urgency=medium 560 | 561 | * New upstream version (local package). 562 | 563 | -- Patrick Schleizer Mon, 14 Oct 2019 10:11:32 +0000 564 | 565 | dist-base-files (3:4.4-1) unstable; urgency=medium 566 | 567 | * New upstream version (local package). 568 | 569 | -- Patrick Schleizer Sat, 31 Aug 2019 13:40:41 +0000 570 | 571 | dist-base-files (3:4.3-1) unstable; urgency=medium 572 | 573 | * New upstream version (local package). 574 | 575 | -- Patrick Schleizer Sat, 24 Aug 2019 16:40:02 +0000 576 | 577 | dist-base-files (3:4.2-1) unstable; urgency=medium 578 | 579 | * New upstream version (local package). 580 | 581 | -- Patrick Schleizer Sun, 11 Aug 2019 15:05:15 +0000 582 | 583 | dist-base-files (3:4.1-1) unstable; urgency=medium 584 | 585 | * New upstream version (local package). 586 | 587 | -- Patrick Schleizer Sun, 11 Aug 2019 11:39:37 +0000 588 | 589 | dist-base-files (3:4.0-1) unstable; urgency=medium 590 | 591 | * New upstream version (local package). 592 | 593 | -- Patrick Schleizer Sat, 10 Aug 2019 11:35:40 +0000 594 | 595 | dist-base-files (3:3.9-1) unstable; urgency=medium 596 | 597 | * New upstream version (local package). 598 | 599 | -- Patrick Schleizer Thu, 01 Aug 2019 11:15:29 +0000 600 | 601 | dist-base-files (3:3.8-1) unstable; urgency=medium 602 | 603 | * New upstream version (local package). 604 | 605 | -- Patrick Schleizer Mon, 15 Jul 2019 13:26:06 +0000 606 | 607 | dist-base-files (3:3.7-1) unstable; urgency=medium 608 | 609 | * New upstream version (local package). 610 | 611 | -- Patrick Schleizer Sat, 13 Jul 2019 16:29:47 +0000 612 | 613 | dist-base-files (3:3.6-1) unstable; urgency=medium 614 | 615 | * New upstream version (local package). 616 | 617 | -- Patrick Schleizer Thu, 11 Jul 2019 07:22:24 +0000 618 | 619 | dist-base-files (3:3.5-1) unstable; urgency=medium 620 | 621 | * New upstream version (local package). 622 | 623 | -- Patrick Schleizer Thu, 11 Jul 2019 07:07:53 +0000 624 | 625 | dist-base-files (3:3.4-1) unstable; urgency=medium 626 | 627 | * New upstream version (local package). 628 | 629 | -- Patrick Schleizer Sat, 08 Jun 2019 10:05:30 +0000 630 | 631 | dist-base-files (3:3.3-1) unstable; urgency=medium 632 | 633 | * New upstream version (local package). 634 | 635 | -- Patrick Schleizer Fri, 24 May 2019 20:03:44 +0000 636 | 637 | dist-base-files (3:3.2-1) unstable; urgency=medium 638 | 639 | * New upstream version (local package). 640 | 641 | -- Patrick Schleizer Sun, 12 May 2019 10:27:32 +0000 642 | 643 | dist-base-files (3:3.1-1) unstable; urgency=medium 644 | 645 | * New upstream version (local package). 646 | 647 | -- Patrick Schleizer Mon, 06 May 2019 09:57:29 +0000 648 | 649 | dist-base-files (3:3.0-1) unstable; urgency=medium 650 | 651 | * New upstream version (local package). 652 | 653 | -- Patrick Schleizer Fri, 03 May 2019 11:07:59 +0000 654 | 655 | dist-base-files (3:2.9-1) unstable; urgency=medium 656 | 657 | * New upstream version (local package). 658 | 659 | -- Patrick Schleizer Sat, 06 Apr 2019 11:47:34 +0000 660 | 661 | dist-base-files (3:2.8-1) unstable; urgency=medium 662 | 663 | * New upstream version (local package). 664 | 665 | -- Patrick Schleizer Fri, 29 Mar 2019 09:37:23 +0000 666 | 667 | dist-base-files (3:2.7-1) unstable; urgency=medium 668 | 669 | * New upstream version (local package). 670 | 671 | -- Patrick Schleizer Tue, 12 Mar 2019 11:10:40 +0000 672 | 673 | dist-base-files (3:2.6-1) unstable; urgency=medium 674 | 675 | * New upstream version (local package). 676 | 677 | -- Patrick Schleizer Mon, 27 Aug 2018 15:43:43 +0000 678 | 679 | dist-base-files (3:2.5-1) unstable; urgency=medium 680 | 681 | * New upstream version (local package). 682 | 683 | -- Patrick Schleizer Thu, 01 Feb 2018 14:38:24 +0000 684 | 685 | dist-base-files (3:2.4-1) unstable; urgency=medium 686 | 687 | * New upstream version (local package). 688 | 689 | -- Patrick Schleizer Fri, 17 Feb 2017 13:39:50 +0000 690 | 691 | dist-base-files (3:2.3-1) unstable; urgency=medium 692 | 693 | * New upstream version (local package). 694 | 695 | -- Patrick Schleizer Tue, 17 Jan 2017 11:06:33 +0100 696 | 697 | dist-base-files (3:2.2-1) unstable; urgency=medium 698 | 699 | * New upstream version (local package). 700 | 701 | -- Patrick Schleizer Sun, 15 Jan 2017 15:18:40 +0000 702 | 703 | dist-base-files (3:2.1-1) unstable; urgency=medium 704 | 705 | * New upstream version (local package). 706 | 707 | -- Patrick Schleizer Sat, 10 Dec 2016 00:03:47 +0000 708 | 709 | dist-base-files (3:2.0-1) unstable; urgency=medium 710 | 711 | * New upstream version (local package). 712 | 713 | -- Patrick Schleizer Tue, 19 Apr 2016 19:44:36 +0000 714 | 715 | dist-base-files (3:1.9-1) unstable; urgency=medium 716 | 717 | * New upstream version (local package). 718 | 719 | -- Patrick Schleizer Thu, 14 Apr 2016 21:14:43 +0000 720 | 721 | dist-base-files (3:1.8-1) unstable; urgency=medium 722 | 723 | * New upstream version (local package). 724 | 725 | -- Patrick Schleizer Thu, 07 Apr 2016 22:54:22 +0000 726 | 727 | dist-base-files (3:1.7-1) unstable; urgency=medium 728 | 729 | * New upstream version (local package). 730 | 731 | -- Patrick Schleizer Thu, 22 Oct 2015 23:12:30 +0000 732 | 733 | dist-base-files (3:1.6-1) unstable; urgency=medium 734 | 735 | * New upstream version (local package). 736 | 737 | -- Patrick Schleizer Tue, 25 Aug 2015 14:07:30 +0000 738 | 739 | dist-base-files (3:1.5-1) unstable; urgency=medium 740 | 741 | * New upstream version (local package). 742 | 743 | -- Patrick Schleizer Mon, 24 Aug 2015 17:47:08 +0000 744 | 745 | dist-base-files (3:1.4-1) unstable; urgency=low 746 | 747 | * New upstream version (local package). 748 | 749 | -- Patrick Schleizer Wed, 03 Jun 2015 14:58:49 +0000 750 | 751 | dist-base-files (3:1.3-1) unstable; urgency=low 752 | 753 | * New upstream version (local package). 754 | 755 | -- Patrick Schleizer Thu, 28 May 2015 21:11:58 +0000 756 | 757 | dist-base-files (3:1.2-1) unstable; urgency=low 758 | 759 | * New upstream version (local package). 760 | 761 | -- Patrick Schleizer Fri, 15 May 2015 20:20:44 +0000 762 | 763 | dist-base-files (3:1.1-1) unstable; urgency=low 764 | 765 | * New upstream version (local package). 766 | 767 | -- Patrick Schleizer Thu, 30 Apr 2015 17:55:29 +0000 768 | 769 | dist-base-files (3:1.0-1) unstable; urgency=low 770 | 771 | * New upstream version (local package). 772 | 773 | -- Patrick Schleizer Tue, 07 Apr 2015 17:40:52 +0000 774 | 775 | dist-base-files (3:0.9-1) unstable; urgency=low 776 | 777 | * New upstream version (local package). 778 | 779 | -- Patrick Schleizer Tue, 24 Mar 2015 17:28:31 +0000 780 | 781 | dist-base-files (3:0.8-1) unstable; urgency=low 782 | 783 | * New upstream version. 784 | 785 | -- Patrick Schleizer Wed, 04 Feb 2015 00:51:16 +0000 786 | 787 | dist-base-files (3:0.7-1) unstable; urgency=low 788 | 789 | * New upstream version. 790 | 791 | -- Patrick Schleizer Thu, 23 Oct 2014 22:38:18 +0000 792 | 793 | dist-base-files (3:0.6-1) unstable; urgency=low 794 | 795 | * New upstream version. 796 | 797 | -- Patrick Schleizer Mon, 13 Oct 2014 12:32:40 +0000 798 | 799 | dist-base-files (3:0.5-1) unstable; urgency=low 800 | 801 | * New upstream version. 802 | 803 | -- Patrick Schleizer Thu, 25 Sep 2014 21:58:54 +0000 804 | 805 | dist-base-files (3:0.4-1) unstable; urgency=low 806 | 807 | * New upstream version. 808 | 809 | -- Patrick Schleizer Tue, 26 Aug 2014 15:28:19 +0000 810 | 811 | dist-base-files (3:0.3-1) unstable; urgency=low 812 | 813 | * New upstream version. 814 | 815 | -- Patrick Schleizer Tue, 19 Aug 2014 18:40:55 +0000 816 | 817 | dist-base-files (3:0.2-2) unstable; urgency=low 818 | 819 | * Fixed changelog date. 820 | 821 | -- Patrick Schleizer Sun, 17 Aug 2014 20:49:36 +0000 822 | 823 | dist-base-files (3:0.2-1) unstable; urgency=low 824 | 825 | * New upstream version. 826 | 827 | -- Patrick Schleizer Sun, 17 Aug 2014 20:44:58 +0000 828 | 829 | dist-base-files (3:0.1-2) unstable; urgency=low 830 | 831 | * Initial release. 832 | 833 | -- Patrick Schleizer Sun, 17 Aug 2014 17:55:59 +0000 834 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | Source: dist-base-files 5 | Section: misc 6 | Priority: optional 7 | Maintainer: Patrick Schleizer 8 | Build-Depends: debhelper (>= 13.11.6), debhelper-compat (= 13), config-package-dev, fonts-inter, fonts-terminus-otb, grub-common 9 | Homepage: https://github.com/Kicksecure/dist-base-files 10 | Vcs-Browser: https://github.com/Kicksecure/dist-base-files 11 | Vcs-Git: https://github.com/Kicksecure/dist-base-files.git 12 | Standards-Version: 4.6.2 13 | Rules-Requires-Root: no 14 | 15 | Package: dist-base-files 16 | Architecture: all 17 | ## debian/dist-base-files.postinst uses 'chsh --shell /usr/bin/zsh'. 18 | ## chsh requires the shell already available. 19 | Pre-Depends: zsh 20 | Depends: sudo, dpkg-dev, helper-scripts, adduser, moreutils, 21 | zsh-syntax-highlighting, zsh-autosuggestions, 22 | ${misc:Depends} 23 | Provides: anon-base-files, 24 | ${diverted-files} 25 | Conflicts: anon-base-files, 26 | ${diverted-files} 27 | Replaces: anon-base-files 28 | Description: base files for distributions 29 | Grub config for more organized boot menu. 30 | "Normal" boot options are on top. 31 | "Advanced" boot options (for older kernel versions) have been moved to the 32 | bottom. 33 | . 34 | Creates user `user` with empty password (passwordless) (not in Qubes). 35 | That is if user `user` is not existing yet. 36 | And if it does create user `user` it also locks the root account. 37 | Therefore root account locking effectively only happens in new 38 | builds not having user `user` already created. 39 | . 40 | Creates system groups: 41 | * console 42 | * ssh 43 | . 44 | Ships a systemd unit file dist-skel-first-boot.service 45 | which runs `/usr/libexec/helper-scripts/first-boot-skel` 46 | (part of helper-scripts) package. 47 | . 48 | Simplifies sudo default lecture to only showing the default password once. 49 | . 50 | Creates version file `/var/lib/dist-base-files/build_version`. 51 | . 52 | Default shell: Sets default shell for user `user` to `zsh`. 53 | (Unless file `/etc/no-shell-change` exists.) 54 | `debian/dist-base-files.postinst` 55 | . 56 | Provides common files for derivative GRUB themes. 57 | . 58 | This package gets installed by default in both, Kicksecure and Whonix. 59 | -------------------------------------------------------------------------------- /debian/copyright: -------------------------------------------------------------------------------- 1 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ 2 | 3 | Files: * 4 | Copyright: 2012 - 2025 ENCRYPTED SUPPORT LLC 5 | License: AGPL-3+ 6 | 7 | Files: boot/grub/themes/dist-common/terminus-grub_14.pf2 8 | Copyright: 2010 - 2014 Dimitar Toshkov Zhekov 9 | License: OFL-1.1 10 | Comment: 11 | Generated at package build time from the original Terminus Font 12 | using grub-mkfont. Renamed to Terminus-grub. 13 | 14 | Files: boot/grub/themes/dist-common/inter-grub_regular_17.pf2 15 | boot/grub/themes/dist-common/inter-grub_regular_20.pf2 16 | Copyright: 2016 - 2022 The Inter Project Authors 17 | License: OFL-1.1 18 | Comment: 19 | Generated at package build time from the original Inter font 20 | using grub-mkfont. Renamed to Inter-grub. 21 | 22 | Files: etc/grub.d/10_00_linux_dist 23 | etc/grub.d/10_50_linux_dist_advanced 24 | Copyright: 2006 - 2010 Free Software Foundation, Inc 25 | License: GPL-3+ 26 | Comment: 27 | Exact copies of the original /etc/grub.d/10_linux file, but with some segments 28 | commented out and some extra comments added for clarity. 29 | 30 | License: GPL-3+ 31 | This package is free software; you can redistribute it and/or modify 32 | it under the terms of the GNU General Public License as published by 33 | the Free Software Foundation; either version 3 of the License, or 34 | (at your option) any later version. 35 | . 36 | This package is distributed in the hope that it will be useful, 37 | but WITHOUT ANY WARRANTY; without even the implied warranty of 38 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 39 | GNU General Public License for more details. 40 | . 41 | You should have received a copy of the GNU General Public License 42 | along with this program. If not, see 43 | . 44 | On Debian systems, the complete text of the GNU General 45 | Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". 46 | 47 | License: AGPL-3+ 48 | GNU AFFERO GENERAL PUBLIC LICENSE 49 | Version 3, 19 November 2007 50 | . 51 | Copyright (C) 2007 Free Software Foundation, Inc. 52 | Everyone is permitted to copy and distribute verbatim copies 53 | of this license document, but changing it is not allowed. 54 | . 55 | Preamble 56 | . 57 | The GNU Affero General Public License is a free, copyleft license for 58 | software and other kinds of works, specifically designed to ensure 59 | cooperation with the community in the case of network server software. 60 | . 61 | The licenses for most software and other practical works are designed 62 | to take away your freedom to share and change the works. By contrast, 63 | our General Public Licenses are intended to guarantee your freedom to 64 | share and change all versions of a program--to make sure it remains free 65 | software for all its users. 66 | . 67 | When we speak of free software, we are referring to freedom, not 68 | price. Our General Public Licenses are designed to make sure that you 69 | have the freedom to distribute copies of free software (and charge for 70 | them if you wish), that you receive source code or can get it if you 71 | want it, that you can change the software or use pieces of it in new 72 | free programs, and that you know you can do these things. 73 | . 74 | Developers that use our General Public Licenses protect your rights 75 | with two steps: (1) assert copyright on the software, and (2) offer 76 | you this License which gives you legal permission to copy, distribute 77 | and/or modify the software. 78 | . 79 | A secondary benefit of defending all users' freedom is that 80 | improvements made in alternate versions of the program, if they 81 | receive widespread use, become available for other developers to 82 | incorporate. Many developers of free software are heartened and 83 | encouraged by the resulting cooperation. However, in the case of 84 | software used on network servers, this result may fail to come about. 85 | The GNU General Public License permits making a modified version and 86 | letting the public access it on a server without ever releasing its 87 | source code to the public. 88 | . 89 | The GNU Affero General Public License is designed specifically to 90 | ensure that, in such cases, the modified source code becomes available 91 | to the community. It requires the operator of a network server to 92 | provide the source code of the modified version running there to the 93 | users of that server. Therefore, public use of a modified version, on 94 | a publicly accessible server, gives the public access to the source 95 | code of the modified version. 96 | . 97 | An older license, called the Affero General Public License and 98 | published by Affero, was designed to accomplish similar goals. This is 99 | a different license, not a version of the Affero GPL, but Affero has 100 | released a new version of the Affero GPL which permits relicensing under 101 | this license. 102 | . 103 | The precise terms and conditions for copying, distribution and 104 | modification follow. 105 | . 106 | TERMS AND CONDITIONS 107 | . 108 | 0. Definitions. 109 | . 110 | "This License" refers to version 3 of the GNU Affero General Public License. 111 | . 112 | "Copyright" also means copyright-like laws that apply to other kinds of 113 | works, such as semiconductor masks. 114 | . 115 | "The Program" refers to any copyrightable work licensed under this 116 | License. Each licensee is addressed as "you". "Licensees" and 117 | "recipients" may be individuals or organizations. 118 | . 119 | To "modify" a work means to copy from or adapt all or part of the work 120 | in a fashion requiring copyright permission, other than the making of an 121 | exact copy. The resulting work is called a "modified version" of the 122 | earlier work or a work "based on" the earlier work. 123 | . 124 | A "covered work" means either the unmodified Program or a work based 125 | on the Program. 126 | . 127 | To "propagate" a work means to do anything with it that, without 128 | permission, would make you directly or secondarily liable for 129 | infringement under applicable copyright law, except executing it on a 130 | computer or modifying a private copy. Propagation includes copying, 131 | distribution (with or without modification), making available to the 132 | public, and in some countries other activities as well. 133 | . 134 | To "convey" a work means any kind of propagation that enables other 135 | parties to make or receive copies. Mere interaction with a user through 136 | a computer network, with no transfer of a copy, is not conveying. 137 | . 138 | An interactive user interface displays "Appropriate Legal Notices" 139 | to the extent that it includes a convenient and prominently visible 140 | feature that (1) displays an appropriate copyright notice, and (2) 141 | tells the user that there is no warranty for the work (except to the 142 | extent that warranties are provided), that licensees may convey the 143 | work under this License, and how to view a copy of this License. If 144 | the interface presents a list of user commands or options, such as a 145 | menu, a prominent item in the list meets this criterion. 146 | . 147 | 1. Source Code. 148 | . 149 | The "source code" for a work means the preferred form of the work 150 | for making modifications to it. "Object code" means any non-source 151 | form of a work. 152 | . 153 | A "Standard Interface" means an interface that either is an official 154 | standard defined by a recognized standards body, or, in the case of 155 | interfaces specified for a particular programming language, one that 156 | is widely used among developers working in that language. 157 | . 158 | The "System Libraries" of an executable work include anything, other 159 | than the work as a whole, that (a) is included in the normal form of 160 | packaging a Major Component, but which is not part of that Major 161 | Component, and (b) serves only to enable use of the work with that 162 | Major Component, or to implement a Standard Interface for which an 163 | implementation is available to the public in source code form. A 164 | "Major Component", in this context, means a major essential component 165 | (kernel, window system, and so on) of the specific operating system 166 | (if any) on which the executable work runs, or a compiler used to 167 | produce the work, or an object code interpreter used to run it. 168 | . 169 | The "Corresponding Source" for a work in object code form means all 170 | the source code needed to generate, install, and (for an executable 171 | work) run the object code and to modify the work, including scripts to 172 | control those activities. However, it does not include the work's 173 | System Libraries, or general-purpose tools or generally available free 174 | programs which are used unmodified in performing those activities but 175 | which are not part of the work. For example, Corresponding Source 176 | includes interface definition files associated with source files for 177 | the work, and the source code for shared libraries and dynamically 178 | linked subprograms that the work is specifically designed to require, 179 | such as by intimate data communication or control flow between those 180 | subprograms and other parts of the work. 181 | . 182 | The Corresponding Source need not include anything that users 183 | can regenerate automatically from other parts of the Corresponding 184 | Source. 185 | . 186 | The Corresponding Source for a work in source code form is that 187 | same work. 188 | . 189 | 2. Basic Permissions. 190 | . 191 | All rights granted under this License are granted for the term of 192 | copyright on the Program, and are irrevocable provided the stated 193 | conditions are met. This License explicitly affirms your unlimited 194 | permission to run the unmodified Program. The output from running a 195 | covered work is covered by this License only if the output, given its 196 | content, constitutes a covered work. This License acknowledges your 197 | rights of fair use or other equivalent, as provided by copyright law. 198 | . 199 | You may make, run and propagate covered works that you do not 200 | convey, without conditions so long as your license otherwise remains 201 | in force. You may convey covered works to others for the sole purpose 202 | of having them make modifications exclusively for you, or provide you 203 | with facilities for running those works, provided that you comply with 204 | the terms of this License in conveying all material for which you do 205 | not control copyright. Those thus making or running the covered works 206 | for you must do so exclusively on your behalf, under your direction 207 | and control, on terms that prohibit them from making any copies of 208 | your copyrighted material outside their relationship with you. 209 | . 210 | Conveying under any other circumstances is permitted solely under 211 | the conditions stated below. Sublicensing is not allowed; section 10 212 | makes it unnecessary. 213 | . 214 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 215 | . 216 | No covered work shall be deemed part of an effective technological 217 | measure under any applicable law fulfilling obligations under article 218 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 219 | similar laws prohibiting or restricting circumvention of such 220 | measures. 221 | . 222 | When you convey a covered work, you waive any legal power to forbid 223 | circumvention of technological measures to the extent such circumvention 224 | is effected by exercising rights under this License with respect to 225 | the covered work, and you disclaim any intention to limit operation or 226 | modification of the work as a means of enforcing, against the work's 227 | users, your or third parties' legal rights to forbid circumvention of 228 | technological measures. 229 | . 230 | 4. Conveying Verbatim Copies. 231 | . 232 | You may convey verbatim copies of the Program's source code as you 233 | receive it, in any medium, provided that you conspicuously and 234 | appropriately publish on each copy an appropriate copyright notice; 235 | keep intact all notices stating that this License and any 236 | non-permissive terms added in accord with section 7 apply to the code; 237 | keep intact all notices of the absence of any warranty; and give all 238 | recipients a copy of this License along with the Program. 239 | . 240 | You may charge any price or no price for each copy that you convey, 241 | and you may offer support or warranty protection for a fee. 242 | . 243 | 5. Conveying Modified Source Versions. 244 | . 245 | You may convey a work based on the Program, or the modifications to 246 | produce it from the Program, in the form of source code under the 247 | terms of section 4, provided that you also meet all of these conditions: 248 | . 249 | a) The work must carry prominent notices stating that you modified 250 | it, and giving a relevant date. 251 | . 252 | b) The work must carry prominent notices stating that it is 253 | released under this License and any conditions added under section 254 | 7. This requirement modifies the requirement in section 4 to 255 | "keep intact all notices". 256 | . 257 | c) You must license the entire work, as a whole, under this 258 | License to anyone who comes into possession of a copy. This 259 | License will therefore apply, along with any applicable section 7 260 | additional terms, to the whole of the work, and all its parts, 261 | regardless of how they are packaged. This License gives no 262 | permission to license the work in any other way, but it does not 263 | invalidate such permission if you have separately received it. 264 | . 265 | d) If the work has interactive user interfaces, each must display 266 | Appropriate Legal Notices; however, if the Program has interactive 267 | interfaces that do not display Appropriate Legal Notices, your 268 | work need not make them do so. 269 | . 270 | A compilation of a covered work with other separate and independent 271 | works, which are not by their nature extensions of the covered work, 272 | and which are not combined with it such as to form a larger program, 273 | in or on a volume of a storage or distribution medium, is called an 274 | "aggregate" if the compilation and its resulting copyright are not 275 | used to limit the access or legal rights of the compilation's users 276 | beyond what the individual works permit. Inclusion of a covered work 277 | in an aggregate does not cause this License to apply to the other 278 | parts of the aggregate. 279 | . 280 | 6. Conveying Non-Source Forms. 281 | . 282 | You may convey a covered work in object code form under the terms 283 | of sections 4 and 5, provided that you also convey the 284 | machine-readable Corresponding Source under the terms of this License, 285 | in one of these ways: 286 | . 287 | a) Convey the object code in, or embodied in, a physical product 288 | (including a physical distribution medium), accompanied by the 289 | Corresponding Source fixed on a durable physical medium 290 | customarily used for software interchange. 291 | . 292 | b) Convey the object code in, or embodied in, a physical product 293 | (including a physical distribution medium), accompanied by a 294 | written offer, valid for at least three years and valid for as 295 | long as you offer spare parts or customer support for that product 296 | model, to give anyone who possesses the object code either (1) a 297 | copy of the Corresponding Source for all the software in the 298 | product that is covered by this License, on a durable physical 299 | medium customarily used for software interchange, for a price no 300 | more than your reasonable cost of physically performing this 301 | conveying of source, or (2) access to copy the 302 | Corresponding Source from a network server at no charge. 303 | . 304 | c) Convey individual copies of the object code with a copy of the 305 | written offer to provide the Corresponding Source. This 306 | alternative is allowed only occasionally and noncommercially, and 307 | only if you received the object code with such an offer, in accord 308 | with subsection 6b. 309 | . 310 | d) Convey the object code by offering access from a designated 311 | place (gratis or for a charge), and offer equivalent access to the 312 | Corresponding Source in the same way through the same place at no 313 | further charge. You need not require recipients to copy the 314 | Corresponding Source along with the object code. If the place to 315 | copy the object code is a network server, the Corresponding Source 316 | may be on a different server (operated by you or a third party) 317 | that supports equivalent copying facilities, provided you maintain 318 | clear directions next to the object code saying where to find the 319 | Corresponding Source. Regardless of what server hosts the 320 | Corresponding Source, you remain obligated to ensure that it is 321 | available for as long as needed to satisfy these requirements. 322 | . 323 | e) Convey the object code using peer-to-peer transmission, provided 324 | you inform other peers where the object code and Corresponding 325 | Source of the work are being offered to the general public at no 326 | charge under subsection 6d. 327 | . 328 | A separable portion of the object code, whose source code is excluded 329 | from the Corresponding Source as a System Library, need not be 330 | included in conveying the object code work. 331 | . 332 | A "User Product" is either (1) a "consumer product", which means any 333 | tangible personal property which is normally used for personal, family, 334 | or household purposes, or (2) anything designed or sold for incorporation 335 | into a dwelling. In determining whether a product is a consumer product, 336 | doubtful cases shall be resolved in favor of coverage. For a particular 337 | product received by a particular user, "normally used" refers to a 338 | typical or common use of that class of product, regardless of the status 339 | of the particular user or of the way in which the particular user 340 | actually uses, or expects or is expected to use, the product. A product 341 | is a consumer product regardless of whether the product has substantial 342 | commercial, industrial or non-consumer uses, unless such uses represent 343 | the only significant mode of use of the product. 344 | . 345 | "Installation Information" for a User Product means any methods, 346 | procedures, authorization keys, or other information required to install 347 | and execute modified versions of a covered work in that User Product from 348 | a modified version of its Corresponding Source. The information must 349 | suffice to ensure that the continued functioning of the modified object 350 | code is in no case prevented or interfered with solely because 351 | modification has been made. 352 | . 353 | If you convey an object code work under this section in, or with, or 354 | specifically for use in, a User Product, and the conveying occurs as 355 | part of a transaction in which the right of possession and use of the 356 | User Product is transferred to the recipient in perpetuity or for a 357 | fixed term (regardless of how the transaction is characterized), the 358 | Corresponding Source conveyed under this section must be accompanied 359 | by the Installation Information. But this requirement does not apply 360 | if neither you nor any third party retains the ability to install 361 | modified object code on the User Product (for example, the work has 362 | been installed in ROM). 363 | . 364 | The requirement to provide Installation Information does not include a 365 | requirement to continue to provide support service, warranty, or updates 366 | for a work that has been modified or installed by the recipient, or for 367 | the User Product in which it has been modified or installed. Access to a 368 | network may be denied when the modification itself materially and 369 | adversely affects the operation of the network or violates the rules and 370 | protocols for communication across the network. 371 | . 372 | Corresponding Source conveyed, and Installation Information provided, 373 | in accord with this section must be in a format that is publicly 374 | documented (and with an implementation available to the public in 375 | source code form), and must require no special password or key for 376 | unpacking, reading or copying. 377 | . 378 | 7. Additional Terms. 379 | . 380 | "Additional permissions" are terms that supplement the terms of this 381 | License by making exceptions from one or more of its conditions. 382 | Additional permissions that are applicable to the entire Program shall 383 | be treated as though they were included in this License, to the extent 384 | that they are valid under applicable law. If additional permissions 385 | apply only to part of the Program, that part may be used separately 386 | under those permissions, but the entire Program remains governed by 387 | this License without regard to the additional permissions. 388 | . 389 | When you convey a copy of a covered work, you may at your option 390 | remove any additional permissions from that copy, or from any part of 391 | it. (Additional permissions may be written to require their own 392 | removal in certain cases when you modify the work.) You may place 393 | additional permissions on material, added by you to a covered work, 394 | for which you have or can give appropriate copyright permission. 395 | . 396 | Notwithstanding any other provision of this License, for material you 397 | add to a covered work, you may (if authorized by the copyright holders of 398 | that material) supplement the terms of this License with terms: 399 | . 400 | a) Disclaiming warranty or limiting liability differently from the 401 | terms of sections 15 and 16 of this License; or 402 | . 403 | b) Requiring preservation of specified reasonable legal notices or 404 | author attributions in that material or in the Appropriate Legal 405 | Notices displayed by works containing it; or 406 | . 407 | c) Prohibiting misrepresentation of the origin of that material, or 408 | requiring that modified versions of such material be marked in 409 | reasonable ways as different from the original version; or 410 | . 411 | d) Limiting the use for publicity purposes of names of licensors or 412 | authors of the material; or 413 | . 414 | e) Declining to grant rights under trademark law for use of some 415 | trade names, trademarks, or service marks; or 416 | . 417 | f) Requiring indemnification of licensors and authors of that 418 | material by anyone who conveys the material (or modified versions of 419 | it) with contractual assumptions of liability to the recipient, for 420 | any liability that these contractual assumptions directly impose on 421 | those licensors and authors. 422 | . 423 | All other non-permissive additional terms are considered "further 424 | restrictions" within the meaning of section 10. If the Program as you 425 | received it, or any part of it, contains a notice stating that it is 426 | governed by this License along with a term that is a further 427 | restriction, you may remove that term. If a license document contains 428 | a further restriction but permits relicensing or conveying under this 429 | License, you may add to a covered work material governed by the terms 430 | of that license document, provided that the further restriction does 431 | not survive such relicensing or conveying. 432 | . 433 | If you add terms to a covered work in accord with this section, you 434 | must place, in the relevant source files, a statement of the 435 | additional terms that apply to those files, or a notice indicating 436 | where to find the applicable terms. 437 | . 438 | Additional terms, permissive or non-permissive, may be stated in the 439 | form of a separately written license, or stated as exceptions; 440 | the above requirements apply either way. 441 | . 442 | 8. Termination. 443 | . 444 | You may not propagate or modify a covered work except as expressly 445 | provided under this License. Any attempt otherwise to propagate or 446 | modify it is void, and will automatically terminate your rights under 447 | this License (including any patent licenses granted under the third 448 | paragraph of section 11). 449 | . 450 | However, if you cease all violation of this License, then your 451 | license from a particular copyright holder is reinstated (a) 452 | provisionally, unless and until the copyright holder explicitly and 453 | finally terminates your license, and (b) permanently, if the copyright 454 | holder fails to notify you of the violation by some reasonable means 455 | prior to 60 days after the cessation. 456 | . 457 | Moreover, your license from a particular copyright holder is 458 | reinstated permanently if the copyright holder notifies you of the 459 | violation by some reasonable means, this is the first time you have 460 | received notice of violation of this License (for any work) from that 461 | copyright holder, and you cure the violation prior to 30 days after 462 | your receipt of the notice. 463 | . 464 | Termination of your rights under this section does not terminate the 465 | licenses of parties who have received copies or rights from you under 466 | this License. If your rights have been terminated and not permanently 467 | reinstated, you do not qualify to receive new licenses for the same 468 | material under section 10. 469 | . 470 | 9. Acceptance Not Required for Having Copies. 471 | . 472 | You are not required to accept this License in order to receive or 473 | run a copy of the Program. Ancillary propagation of a covered work 474 | occurring solely as a consequence of using peer-to-peer transmission 475 | to receive a copy likewise does not require acceptance. However, 476 | nothing other than this License grants you permission to propagate or 477 | modify any covered work. These actions infringe copyright if you do 478 | not accept this License. Therefore, by modifying or propagating a 479 | covered work, you indicate your acceptance of this License to do so. 480 | . 481 | 10. Automatic Licensing of Downstream Recipients. 482 | . 483 | Each time you convey a covered work, the recipient automatically 484 | receives a license from the original licensors, to run, modify and 485 | propagate that work, subject to this License. You are not responsible 486 | for enforcing compliance by third parties with this License. 487 | . 488 | An "entity transaction" is a transaction transferring control of an 489 | organization, or substantially all assets of one, or subdividing an 490 | organization, or merging organizations. If propagation of a covered 491 | work results from an entity transaction, each party to that 492 | transaction who receives a copy of the work also receives whatever 493 | licenses to the work the party's predecessor in interest had or could 494 | give under the previous paragraph, plus a right to possession of the 495 | Corresponding Source of the work from the predecessor in interest, if 496 | the predecessor has it or can get it with reasonable efforts. 497 | . 498 | You may not impose any further restrictions on the exercise of the 499 | rights granted or affirmed under this License. For example, you may 500 | not impose a license fee, royalty, or other charge for exercise of 501 | rights granted under this License, and you may not initiate litigation 502 | (including a cross-claim or counterclaim in a lawsuit) alleging that 503 | any patent claim is infringed by making, using, selling, offering for 504 | sale, or importing the Program or any portion of it. 505 | . 506 | 11. Patents. 507 | . 508 | A "contributor" is a copyright holder who authorizes use under this 509 | License of the Program or a work on which the Program is based. The 510 | work thus licensed is called the contributor's "contributor version". 511 | . 512 | A contributor's "essential patent claims" are all patent claims 513 | owned or controlled by the contributor, whether already acquired or 514 | hereafter acquired, that would be infringed by some manner, permitted 515 | by this License, of making, using, or selling its contributor version, 516 | but do not include claims that would be infringed only as a 517 | consequence of further modification of the contributor version. For 518 | purposes of this definition, "control" includes the right to grant 519 | patent sublicenses in a manner consistent with the requirements of 520 | this License. 521 | . 522 | Each contributor grants you a non-exclusive, worldwide, royalty-free 523 | patent license under the contributor's essential patent claims, to 524 | make, use, sell, offer for sale, import and otherwise run, modify and 525 | propagate the contents of its contributor version. 526 | . 527 | In the following three paragraphs, a "patent license" is any express 528 | agreement or commitment, however denominated, not to enforce a patent 529 | (such as an express permission to practice a patent or covenant not to 530 | sue for patent infringement). To "grant" such a patent license to a 531 | party means to make such an agreement or commitment not to enforce a 532 | patent against the party. 533 | . 534 | If you convey a covered work, knowingly relying on a patent license, 535 | and the Corresponding Source of the work is not available for anyone 536 | to copy, free of charge and under the terms of this License, through a 537 | publicly available network server or other readily accessible means, 538 | then you must either (1) cause the Corresponding Source to be so 539 | available, or (2) arrange to deprive yourself of the benefit of the 540 | patent license for this particular work, or (3) arrange, in a manner 541 | consistent with the requirements of this License, to extend the patent 542 | license to downstream recipients. "Knowingly relying" means you have 543 | actual knowledge that, but for the patent license, your conveying the 544 | covered work in a country, or your recipient's use of the covered work 545 | in a country, would infringe one or more identifiable patents in that 546 | country that you have reason to believe are valid. 547 | . 548 | If, pursuant to or in connection with a single transaction or 549 | arrangement, you convey, or propagate by procuring conveyance of, a 550 | covered work, and grant a patent license to some of the parties 551 | receiving the covered work authorizing them to use, propagate, modify 552 | or convey a specific copy of the covered work, then the patent license 553 | you grant is automatically extended to all recipients of the covered 554 | work and works based on it. 555 | . 556 | A patent license is "discriminatory" if it does not include within 557 | the scope of its coverage, prohibits the exercise of, or is 558 | conditioned on the non-exercise of one or more of the rights that are 559 | specifically granted under this License. You may not convey a covered 560 | work if you are a party to an arrangement with a third party that is 561 | in the business of distributing software, under which you make payment 562 | to the third party based on the extent of your activity of conveying 563 | the work, and under which the third party grants, to any of the 564 | parties who would receive the covered work from you, a discriminatory 565 | patent license (a) in connection with copies of the covered work 566 | conveyed by you (or copies made from those copies), or (b) primarily 567 | for and in connection with specific products or compilations that 568 | contain the covered work, unless you entered into that arrangement, 569 | or that patent license was granted, prior to 28 March 2007. 570 | . 571 | Nothing in this License shall be construed as excluding or limiting 572 | any implied license or other defenses to infringement that may 573 | otherwise be available to you under applicable patent law. 574 | . 575 | 12. No Surrender of Others' Freedom. 576 | . 577 | If conditions are imposed on you (whether by court order, agreement or 578 | otherwise) that contradict the conditions of this License, they do not 579 | excuse you from the conditions of this License. If you cannot convey a 580 | covered work so as to satisfy simultaneously your obligations under this 581 | License and any other pertinent obligations, then as a consequence you may 582 | not convey it at all. For example, if you agree to terms that obligate you 583 | to collect a royalty for further conveying from those to whom you convey 584 | the Program, the only way you could satisfy both those terms and this 585 | License would be to refrain entirely from conveying the Program. 586 | . 587 | 13. Remote Network Interaction; Use with the GNU General Public License. 588 | . 589 | Notwithstanding any other provision of this License, if you modify the 590 | Program, your modified version must prominently offer all users 591 | interacting with it remotely through a computer network (if your version 592 | supports such interaction) an opportunity to receive the Corresponding 593 | Source of your version by providing access to the Corresponding Source 594 | from a network server at no charge, through some standard or customary 595 | means of facilitating copying of software. This Corresponding Source 596 | shall include the Corresponding Source for any work covered by version 3 597 | of the GNU General Public License that is incorporated pursuant to the 598 | following paragraph. 599 | . 600 | Notwithstanding any other provision of this License, you have 601 | permission to link or combine any covered work with a work licensed 602 | under version 3 of the GNU General Public License into a single 603 | combined work, and to convey the resulting work. The terms of this 604 | License will continue to apply to the part which is the covered work, 605 | but the work with which it is combined will remain governed by version 606 | 3 of the GNU General Public License. 607 | . 608 | 14. Revised Versions of this License. 609 | . 610 | The Free Software Foundation may publish revised and/or new versions of 611 | the GNU Affero General Public License from time to time. Such new versions 612 | will be similar in spirit to the present version, but may differ in detail to 613 | address new problems or concerns. 614 | . 615 | Each version is given a distinguishing version number. If the 616 | Program specifies that a certain numbered version of the GNU Affero General 617 | Public License "or any later version" applies to it, you have the 618 | option of following the terms and conditions either of that numbered 619 | version or of any later version published by the Free Software 620 | Foundation. If the Program does not specify a version number of the 621 | GNU Affero General Public License, you may choose any version ever published 622 | by the Free Software Foundation. 623 | . 624 | If the Program specifies that a proxy can decide which future 625 | versions of the GNU Affero General Public License can be used, that proxy's 626 | public statement of acceptance of a version permanently authorizes you 627 | to choose that version for the Program. 628 | . 629 | Later license versions may give you additional or different 630 | permissions. However, no additional obligations are imposed on any 631 | author or copyright holder as a result of your choosing to follow a 632 | later version. 633 | . 634 | 15. Disclaimer of Warranty. 635 | . 636 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 637 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 638 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 639 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 640 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 641 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 642 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 643 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 644 | . 645 | 16. Limitation of Liability. 646 | . 647 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 648 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 649 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 650 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 651 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 652 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 653 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 654 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 655 | SUCH DAMAGES. 656 | . 657 | 17. Interpretation of Sections 15 and 16. 658 | . 659 | If the disclaimer of warranty and limitation of liability provided 660 | above cannot be given local legal effect according to their terms, 661 | reviewing courts shall apply local law that most closely approximates 662 | an absolute waiver of all civil liability in connection with the 663 | Program, unless a warranty or assumption of liability accompanies a 664 | copy of the Program in return for a fee. 665 | . 666 | END OF TERMS AND CONDITIONS 667 | . 668 | How to Apply These Terms to Your New Programs 669 | . 670 | If you develop a new program, and you want it to be of the greatest 671 | possible use to the public, the best way to achieve this is to make it 672 | free software which everyone can redistribute and change under these terms. 673 | . 674 | To do so, attach the following notices to the program. It is safest 675 | to attach them to the start of each source file to most effectively 676 | state the exclusion of warranty; and each file should have at least 677 | the "copyright" line and a pointer to where the full notice is found. 678 | . 679 | 680 | Copyright (C) 681 | . 682 | This program is free software: you can redistribute it and/or modify 683 | it under the terms of the GNU Affero General Public License as published by 684 | the Free Software Foundation, either version 3 of the License, or 685 | (at your option) any later version. 686 | . 687 | This program is distributed in the hope that it will be useful, 688 | but WITHOUT ANY WARRANTY; without even the implied warranty of 689 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 690 | GNU Affero General Public License for more details. 691 | . 692 | You should have received a copy of the GNU Affero General Public License 693 | along with this program. If not, see . 694 | . 695 | Also add information on how to contact you by electronic and paper mail. 696 | . 697 | If your software can interact with users remotely through a computer 698 | network, you should also make sure that it provides a way for users to 699 | get its source. For example, if your program is a web application, its 700 | interface could display a "Source" link that leads users to an archive 701 | of the code. There are many ways you could offer source, and different 702 | solutions will be better for different programs; see section 13 for the 703 | specific requirements. 704 | . 705 | You should also get your employer (if you work as a programmer) or school, 706 | if any, to sign a "copyright disclaimer" for the program, if necessary. 707 | For more information on this, and how to apply and follow the GNU AGPL, see 708 | . 709 | 710 | License: OFL-1.1 711 | ----------------------------------------------------------- 712 | SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007 713 | ----------------------------------------------------------- 714 | . 715 | PREAMBLE 716 | The goals of the Open Font License (OFL) are to stimulate worldwide 717 | development of collaborative font projects, to support the font creation 718 | efforts of academic and linguistic communities, and to provide a free and 719 | open framework in which fonts may be shared and improved in partnership 720 | with others. 721 | . 722 | The OFL allows the licensed fonts to be used, studied, modified and 723 | redistributed freely as long as they are not sold by themselves. The 724 | fonts, including any derivative works, can be bundled, embedded, 725 | redistributed and/or sold with any software provided that any reserved 726 | names are not used by derivative works. The fonts and derivatives, 727 | however, cannot be released under any other type of license. The 728 | requirement for fonts to remain under this license does not apply 729 | to any document created using the fonts or their derivatives. 730 | . 731 | DEFINITIONS 732 | "Font Software" refers to the set of files released by the Copyright 733 | Holder(s) under this license and clearly marked as such. This may 734 | include source files, build scripts and documentation. 735 | . 736 | "Reserved Font Name" refers to any names specified as such after the 737 | copyright statement(s). 738 | . 739 | "Original Version" refers to the collection of Font Software components as 740 | distributed by the Copyright Holder(s). 741 | . 742 | "Modified Version" refers to any derivative made by adding to, deleting, 743 | or substituting -- in part or in whole -- any of the components of the 744 | Original Version, by changing formats or by porting the Font Software to a 745 | new environment. 746 | . 747 | "Author" refers to any designer, engineer, programmer, technical 748 | writer or other person who contributed to the Font Software. 749 | . 750 | PERMISSION & CONDITIONS 751 | Permission is hereby granted, free of charge, to any person obtaining 752 | a copy of the Font Software, to use, study, copy, merge, embed, modify, 753 | redistribute, and sell modified and unmodified copies of the Font 754 | Software, subject to the following conditions: 755 | . 756 | 1) Neither the Font Software nor any of its individual components, 757 | in Original or Modified Versions, may be sold by itself. 758 | . 759 | 2) Original or Modified Versions of the Font Software may be bundled, 760 | redistributed and/or sold with any software, provided that each copy 761 | contains the above copyright notice and this license. These can be 762 | included either as stand-alone text files, human-readable headers or 763 | in the appropriate machine-readable metadata fields within text or 764 | binary files as long as those fields can be easily viewed by the user. 765 | . 766 | 3) No Modified Version of the Font Software may use the Reserved Font 767 | Name(s) unless explicit written permission is granted by the corresponding 768 | Copyright Holder. This restriction only applies to the primary font name as 769 | presented to the users. 770 | . 771 | 4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font 772 | Software shall not be used to promote, endorse or advertise any 773 | Modified Version, except to acknowledge the contribution(s) of the 774 | Copyright Holder(s) and the Author(s) or with their explicit written 775 | permission. 776 | . 777 | 5) The Font Software, modified or unmodified, in part or in whole, 778 | must be distributed entirely under this license, and must not be 779 | distributed under any other license. The requirement for fonts to 780 | remain under this license does not apply to any document created 781 | using the Font Software. 782 | . 783 | TERMINATION 784 | This license becomes null and void if any of the above conditions are 785 | not met. 786 | . 787 | DISCLAIMER 788 | THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 789 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF 790 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT 791 | OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE 792 | COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 793 | INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL 794 | DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 795 | FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM 796 | OTHER DEALINGS IN THE FONT SOFTWARE. 797 | -------------------------------------------------------------------------------- /debian/dist-base-files.displace-extension: -------------------------------------------------------------------------------- 1 | .anondist 2 | -------------------------------------------------------------------------------- /debian/dist-base-files.hide: -------------------------------------------------------------------------------- 1 | /etc/grub.d/10_linux 2 | -------------------------------------------------------------------------------- /debian/dist-base-files.install: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2020 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | ## This file was generated using genmkfile 'make debinstfile'. 5 | 6 | etc/* 7 | usr/* 8 | var/* 9 | boot/* 10 | -------------------------------------------------------------------------------- /debian/dist-base-files.links: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2024 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | ## https://github.com/QubesOS/qubes-core-agent-linux/pull/481 5 | /usr/share/distro-info/kicksecure.csv /usr/share/distro-info/derivative.csv 6 | -------------------------------------------------------------------------------- /debian/dist-base-files.postinst: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | if [ -f /usr/libexec/helper-scripts/pre.bsh ]; then 7 | source /usr/libexec/helper-scripts/pre.bsh 8 | fi 9 | source /usr/libexec/helper-scripts/user_create.bsh 10 | 11 | set -e 12 | 13 | true " 14 | ##################################################################### 15 | ## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@ 16 | ##################################################################### 17 | " 18 | 19 | enable_systemd_repart_maybe() { 20 | if ! [ -f "/var/lib/kicksecure/status-files/repart-version-1" ]; then 21 | true "INFO: Skipping $FUNCNAME because file /var/lib/kicksecure/status-files/repart-version-1 does not exist. (This is expected during the initial build process. A chroot-script will later run the /usr/libexec/derivative-base-files/repart-enable script.)" 22 | return 0 23 | fi 24 | 25 | ## NOTE: This is also done in initializer-dist chroot-scripts. 26 | ## This is also done in dist-base-files postinst for the purpose of updates. 27 | /usr/libexec/derivative-base-files/repart-enable 28 | true "INFO: $FUNCNAME OK." 29 | } 30 | 31 | check_linux_account_specific() { 32 | if command -v qubesdb-read >/dev/null 2>&1 ; then 33 | ## Leave user 'user' creation to Qubes. 34 | true "INFO: Skipping because Qubes detected." 35 | return 1 36 | fi 37 | 38 | ## Don't create a new user during distribution morphing, only do it when building an ISO or VM image. 39 | if [ ! "$derivative_maker" = "true" ] && ! [ -f '/var/lib/dist-base-files/live_build' ]; then 40 | true "INFO: Skipping since not running under derivative-maker and /var/lib/dist-base-files/live_build does not exist (during the build process)." 41 | return 1 42 | fi 43 | 44 | true "INFO: Continuing..." 45 | return 0 46 | } 47 | 48 | add_linux_user_account_named_user() { 49 | if [ -f "/var/lib/dist-base-files/do_once/${FUNCNAME}_version_1" ]; then 50 | return 0 51 | fi 52 | mkdir --parents "/var/lib/dist-base-files/do_once" 53 | 54 | if ! check_linux_account_specific ; then 55 | true "INFO: Skipping ${FUNCNAME}." 56 | return 0 57 | fi 58 | 59 | USER_CREATE_USERNAME="$user_to_be_created" 60 | add_linux_user_account 61 | 62 | touch "/var/lib/dist-base-files/do_once/${FUNCNAME}_version_1" 63 | } 64 | 65 | password_empty_for_user_account_named_user() { 66 | if [ -f "/var/lib/dist-base-files/do_once/${FUNCNAME}_version_1" ]; then 67 | return 0 68 | fi 69 | mkdir --parents "/var/lib/dist-base-files/do_once" 70 | 71 | if ! check_linux_account_specific ; then 72 | true "INFO: Skipping ${FUNCNAME}." 73 | return 0 74 | fi 75 | 76 | USER_CREATE_USERNAME="$user_to_be_created" 77 | password_empty_for_user_account 78 | 79 | touch "/var/lib/dist-base-files/do_once/${FUNCNAME}_version_1" 80 | } 81 | 82 | add_groups_to_linux_user_account_named_user() { 83 | if [ -f "/var/lib/dist-base-files/do_once/${FUNCNAME}_version_1" ]; then 84 | return 0 85 | fi 86 | mkdir --parents "/var/lib/dist-base-files/do_once" 87 | 88 | if ! check_linux_account_specific ; then 89 | true "INFO: Skipping ${FUNCNAME}." 90 | return 0 91 | fi 92 | 93 | USER_CREATE_USERNAME="$user_to_be_created" 94 | ## security-misc: Console Lockdown. 95 | ## Make sure group 'console' exists. Might not exist if security-misc is not (yet) installed. 96 | ## 97 | ## Adding group 'sudo' is OK even when using user-sysmaint-split, because 98 | ## limited accounts can no longer execute privilege escalation tools when 99 | ## user-sysmaint-split is installed. See also: 100 | ## https://www.kicksecure.com/wiki/Dev/user-sysmaint-split#No_Access_to_Privilege_Escalation_Tools_for_Limited_Accounts 101 | ## 102 | ## Required by 'debian/security-misc.preinst' function 'sudo_users_check'. 103 | USER_CREATE_GROUP_ADD_LIST=( 'sudo' 'console' 'ssh' ) 104 | add_groups_to_linux_user_account 105 | 106 | touch "/var/lib/dist-base-files/do_once/${FUNCNAME}_version_1" 107 | } 108 | 109 | console_lockdown() { 110 | if [ -f "/var/lib/dist-base-files/do_once/${FUNCNAME}_version_1" ]; then 111 | return 0 112 | fi 113 | mkdir --parents "/var/lib/dist-base-files/do_once" 114 | 115 | if ! check_linux_account_specific ; then 116 | true "INFO: Skipping ${FUNCNAME}." 117 | return 0 118 | fi 119 | 120 | ## No longer enable pam mkhomedir here. 121 | ## This is done by the security-misc package. File: 122 | ## /usr/share/pam-configs/mkhomedir-security-misc 123 | ## pam-auth-update --enable mkhomedir 124 | 125 | ## By package security-misc. 126 | pam-auth-update --enable console-lockdown-security-misc 127 | 128 | ## In Qubes and for existing installations Console Lockdown is 129 | ## is handled by legacy-dist package. 130 | 131 | touch "/var/lib/dist-base-files/do_once/${FUNCNAME}_version_1" 132 | } 133 | 134 | lock_root_account() { 135 | if [ -f "/var/lib/dist-base-files/do_once/${FUNCNAME}_version_1" ]; then 136 | return 0 137 | fi 138 | mkdir --parents "/var/lib/dist-base-files/do_once" 139 | 140 | if ! check_linux_account_specific ; then 141 | true "INFO: Skipping ${FUNCNAME}." 142 | return 0 143 | fi 144 | 145 | ## https://www.whonix.org/wiki/Root 146 | ## https://www.whonix.org/wiki/Dev/Strong_Linux_User_Account_Isolation 147 | 148 | echo "INFO: Locking account '$account_to_be_locked'..." 149 | passwd --lock "$account_to_be_locked" 150 | 151 | ## Disabled because it breaks `adduser`. 152 | ## https://forums.whonix.org/t/restrict-root-access/7658/59 153 | ## Expire the account to prevent SSH login. 154 | ## https://www.cyberciti.biz/faq/linux-locking-an-account/ 155 | #chage --expiredate 0 "$account_to_be_locked" 156 | 157 | ## Debugging. 158 | #chage --list "$account_to_be_locked" 159 | 160 | ## To undo: 161 | #sudo chage --expiredate -1 "$account_to_be_locked" 162 | #sudo passwd 163 | 164 | touch "/var/lib/dist-base-files/do_once/${FUNCNAME}_version_1" 165 | } 166 | 167 | user_shell_to_zsh() { 168 | if [ -f "/var/lib/dist-base-files/do_once/${FUNCNAME}_version_3" ]; then 169 | return 0 170 | fi 171 | mkdir --parents "/var/lib/dist-base-files/do_once" 172 | 173 | USER_CREATE_USERNAME="$user_to_be_created" 174 | linux_user_account_shell_to_zsh 175 | USER_CREATE_USERNAME='root' 176 | linux_user_account_shell_to_zsh 177 | 178 | touch "/var/lib/dist-base-files/do_once/${FUNCNAME}_version_3" 179 | } 180 | 181 | ## Define variables here to make this easier to software fork. 182 | user_to_be_created="user" 183 | account_to_be_locked="root" 184 | build_version_file="/var/lib/dist-base-files/build_version" 185 | 186 | case "$1" in 187 | configure) 188 | true "INFO: Configuring $DPKG_MAINTSCRIPT_PACKAGE..." 189 | 190 | enable_systemd_repart_maybe 191 | 192 | if [ ! -f "$build_version_file" ]; then 193 | ## Sanity test. 194 | if [ "$dist_build_version" = "" ]; then 195 | ## Package dpkg-dev provides dpkg-parsechangelog. 196 | ## If dist_build_version is empty, use the version number of the package. 197 | dist_build_version="$(zless "/usr/share/doc/$DPKG_MAINTSCRIPT_PACKAGE/changelog.Debian.gz" | dpkg-parsechangelog -l- -SVersion)" || true 198 | fi 199 | if [ "$dist_build_version" = "" ]; then 200 | echo "ERROR: Could not determine variable 'dist_build_version'." 201 | else 202 | mkdir --parents "$(dirname "$build_version_file")" 203 | echo "INFO: Logging dist_build_version '$dist_build_version' to '$build_version_file'..." 204 | ## Debugging. 205 | touch "$build_version_file" 206 | ## Logging. 207 | echo "$dist_build_version" | sponge -- "$build_version_file" 208 | ## Debugging. 209 | cat "$build_version_file" 210 | fi 211 | fi 212 | 213 | add_linux_user_account_named_user 214 | password_empty_for_user_account_named_user 215 | add_groups_to_linux_user_account_named_user 216 | console_lockdown 217 | lock_root_account 218 | user_shell_to_zsh 219 | 220 | true "INFO: End configuring $DPKG_MAINTSCRIPT_PACKAGE." 221 | 222 | ;; 223 | 224 | *) 225 | ;; 226 | esac 227 | 228 | true "INFO: debhelper beginning here." 229 | 230 | #DEBHELPER# 231 | 232 | true "INFO: Done with debhelper." 233 | 234 | true " 235 | ##################################################################### 236 | ## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@ 237 | ##################################################################### 238 | " 239 | 240 | ## Explicitly "exit 0", so eventually trapped errors can be ignored. 241 | exit 0 242 | -------------------------------------------------------------------------------- /debian/dist-base-files.preinst: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | if [ -f /usr/libexec/helper-scripts/pre.bsh ]; then 7 | source /usr/libexec/helper-scripts/pre.bsh 8 | fi 9 | 10 | set -e 11 | 12 | true " 13 | ##################################################################### 14 | ## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@ 15 | ##################################################################### 16 | " 17 | 18 | etc_machine_id_modify() { 19 | if [ -f "/var/lib/anon-base-files/do_once/${FUNCNAME}_version_1" ]; then 20 | return 0 21 | fi 22 | 23 | ## Prevent the following question. 24 | # Setting up anon-base-files (3:5.3-1) ... 25 | # 26 | # Configuration file '/etc/machine-id' 27 | # ==> File on system created by you or by a script. 28 | # ==> File also in package provided by package maintainer. 29 | # What would you like to do about it ? Your options are: 30 | # Y or I : install the package maintainer's version 31 | # N or O : keep your currently-installed version 32 | # D : show the differences between the versions 33 | # Z : start a shell to examine the situation 34 | # The default action is to keep your current version. 35 | # *** machine-id (Y/I/N/O/D/Z) [default=N] ? 36 | 37 | machine_id_wanted="b08dfa6083e7567a1921a715000001fb" 38 | if test -f "/etc/machine-id" ; then 39 | current="$(cat "/etc/machine-id")" || true 40 | if [ ! "$current" = "$machine_id_wanted" ]; then 41 | echo "$machine_id_wanted" | tee "/etc/machine-id" >/dev/null || true 42 | fi 43 | fi 44 | 45 | mkdir --parents "/var/lib/anon-base-files/do_once" 46 | touch "/var/lib/anon-base-files/do_once/${FUNCNAME}_version_1" 47 | } 48 | 49 | etc_machine_id_modify 50 | 51 | true "INFO: debhelper beginning here." 52 | 53 | #DEBHELPER# 54 | 55 | true "INFO: Done with debhelper." 56 | 57 | true " 58 | ##################################################################### 59 | ## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@ 60 | ##################################################################### 61 | " 62 | 63 | ## Explicitly "exit 0", so eventually trapped errors can be ignored. 64 | exit 0 65 | -------------------------------------------------------------------------------- /debian/dist-base-files.undisplace: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | /etc/hosts.anondist 5 | /etc/hostname.anondist 6 | -------------------------------------------------------------------------------- /debian/make-helper-overrides.bsh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | ## TODO 7 | genmkfile_lintian_post_opts+=" --suppress-tags superfluous-file-pattern " 8 | genmkfile_lintian_post_opts+=" --suppress-tags missing-license-paragraph-in-dep5-copyright " 9 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | 3 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | #export DH_VERBOSE=1 7 | 8 | %: 9 | dh $@ --with=config-package 10 | 11 | override_dh_installchangelogs: 12 | dh_installchangelogs changelog.upstream upstream 13 | 14 | override_dh_installman: 15 | dh_installman $(CURDIR)/auto-generated-man-pages/* 16 | -------------------------------------------------------------------------------- /debian/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /debian/source/lintian-overrides: -------------------------------------------------------------------------------- 1 | ## https://phabricator.whonix.org/T277 2 | debian-watch-does-not-check-openpgp-signature 3 | -------------------------------------------------------------------------------- /debian/watch: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | version=4 5 | opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/dist-base-files-$1\.tar\.gz/ \ 6 | https://github.com/Whonix/dist-base-files/tags .*/v?(\d\S+)\.tar\.gz 7 | -------------------------------------------------------------------------------- /etc/grub.d/10_00_linux_dist: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | set -e 3 | 4 | # grub-mkconfig helper script. 5 | # Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. 6 | # 7 | # GRUB is free software: you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation, either version 3 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # GRUB is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with GRUB. If not, see . 19 | 20 | prefix="/usr" 21 | exec_prefix="/usr" 22 | datarootdir="/usr/share" 23 | ubuntu_recovery="0" 24 | quiet_boot="0" 25 | quick_boot="0" 26 | gfxpayload_dynamic="0" 27 | vt_handoff="0" 28 | 29 | . "$pkgdatadir/grub-mkconfig_lib" 30 | 31 | export TEXTDOMAIN=grub 32 | export TEXTDOMAINDIR="${datarootdir}/locale" 33 | 34 | CLASS="--class gnu-linux --class gnu --class os" 35 | SUPPORTED_INITS="sysvinit:/lib/sysvinit/init systemd:/lib/systemd/systemd upstart:/sbin/upstart" 36 | 37 | if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then 38 | OS=GNU/Linux 39 | else 40 | case ${GRUB_DISTRIBUTOR} in 41 | Ubuntu|Kubuntu) 42 | OS="${GRUB_DISTRIBUTOR}" 43 | ;; 44 | *) 45 | OS="${GRUB_DISTRIBUTOR}" 46 | ;; 47 | esac 48 | CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" 49 | fi 50 | 51 | # loop-AES arranges things so that /dev/loop/X can be our root device, but 52 | # the initrds that Linux uses don't like that. 53 | case ${GRUB_DEVICE} in 54 | /dev/loop/*|/dev/loop[0-9]) 55 | GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"` 56 | # We can't cope with devices loop-mounted from files here. 57 | case ${GRUB_DEVICE} in 58 | /dev/*) ;; 59 | *) exit 0 ;; 60 | esac 61 | ;; 62 | esac 63 | 64 | # Default to disabling partition uuid support to maintian compatibility with 65 | # older kernels. 66 | GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true} 67 | 68 | # btrfs may reside on multiple devices. We cannot pass them as value of root= parameter 69 | # and mounting btrfs requires user space scanning, so force UUID in this case. 70 | if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \ 71 | || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ 72 | && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \ 73 | || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ 74 | && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \ 75 | || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then 76 | LINUX_ROOT_DEVICE=${GRUB_DEVICE} 77 | elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \ 78 | || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then 79 | LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID} 80 | else 81 | LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} 82 | fi 83 | 84 | case x"$GRUB_FS" in 85 | xbtrfs) 86 | rootsubvol="`make_system_path_relative_to_its_root /`" 87 | rootsubvol="${rootsubvol#/}" 88 | if [ "x${rootsubvol}" != x ]; then 89 | GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" 90 | fi;; 91 | xzfs) 92 | rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` 93 | bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`" 94 | LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs%/}" 95 | ;; 96 | esac 97 | 98 | title_correction_code= 99 | 100 | if [ -x /lib/recovery-mode/recovery-menu ]; then 101 | GRUB_CMDLINE_LINUX_RECOVERY=recovery 102 | else 103 | GRUB_CMDLINE_LINUX_RECOVERY=single 104 | fi 105 | if [ "$ubuntu_recovery" = 1 ]; then 106 | GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY nomodeset" 107 | fi 108 | 109 | if [ "$vt_handoff" = 1 ]; then 110 | for word in $GRUB_CMDLINE_LINUX_DEFAULT; do 111 | if [ "$word" = splash ]; then 112 | GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT \$vt_handoff" 113 | fi 114 | done 115 | fi 116 | 117 | linux_entry () 118 | { 119 | os="$1" 120 | version="$2" 121 | type="$3" 122 | args="$4" 123 | 124 | if [ -z "$boot_device_id" ]; then 125 | boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" 126 | fi 127 | if [ x$type != xsimple ] ; then 128 | case $type in 129 | recovery) 130 | title="$(gettext_printf "%s, with Linux %s (%s)" "${os}" "${version}" "$(gettext "${GRUB_RECOVERY_TITLE}")")" ;; 131 | init-*) 132 | title="$(gettext_printf "%s, with Linux %s (%s)" "${os}" "${version}" "${type#init-}")" ;; 133 | *) 134 | title="$(gettext_printf "%s, with Linux %s" "${os}" "${version}")" ;; 135 | esac 136 | if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then 137 | replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" 138 | quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" 139 | title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" 140 | grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")" 141 | fi 142 | echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" 143 | else 144 | echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" 145 | fi 146 | if [ "$quick_boot" = 1 ]; then 147 | echo " recordfail" | sed "s/^/$submenu_indentation/" 148 | fi 149 | if [ x$type != xrecovery ] ; then 150 | save_default_entry | grub_add_tab 151 | fi 152 | 153 | # Use ELILO's generic "efifb" when it's known to be available. 154 | # FIXME: We need an interface to select vesafb in case efifb can't be used. 155 | if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then 156 | echo " load_video" | sed "s/^/$submenu_indentation/" 157 | else 158 | if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then 159 | echo " load_video" | sed "s/^/$submenu_indentation/" 160 | fi 161 | fi 162 | if ([ "$ubuntu_recovery" = 0 ] || [ x$type != xrecovery ]) && \ 163 | ([ "x$GRUB_GFXPAYLOAD_LINUX" != x ] || [ "$gfxpayload_dynamic" = 1 ]); then 164 | echo " gfxmode \$linux_gfx_mode" | sed "s/^/$submenu_indentation/" 165 | fi 166 | 167 | echo " insmod gzio" | sed "s/^/$submenu_indentation/" 168 | echo " if [ x\$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi" | sed "s/^/$submenu_indentation/" 169 | 170 | if [ x$dirname = x/ ]; then 171 | if [ -z "${prepare_root_cache}" ]; then 172 | prepare_root_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE} | grub_add_tab)" 173 | fi 174 | printf '%s\n' "${prepare_root_cache}" | sed "s/^/$submenu_indentation/" 175 | else 176 | if [ -z "${prepare_boot_cache}" ]; then 177 | prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)" 178 | fi 179 | printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/" 180 | fi 181 | if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then 182 | message="$(gettext_printf "Loading Linux %s ..." ${version})" 183 | sed "s/^/$submenu_indentation/" << EOF 184 | echo '$(echo "$message" | grub_quote)' 185 | EOF 186 | fi 187 | if test -d /sys/firmware/efi && test -e "${linux}.efi.signed"; then 188 | sed "s/^/$submenu_indentation/" << EOF 189 | linux ${rel_dirname}/${basename}.efi.signed root=${linux_root_device_thisversion} ro ${args} 190 | EOF 191 | else 192 | sed "s/^/$submenu_indentation/" << EOF 193 | linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} 194 | EOF 195 | fi 196 | if test -n "${initrd}" ; then 197 | # TRANSLATORS: ramdisk isn't identifier. Should be translated. 198 | if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then 199 | message="$(gettext_printf "Loading initial ramdisk ...")" 200 | sed "s/^/$submenu_indentation/" << EOF 201 | echo '$(echo "$message" | grub_quote)' 202 | EOF 203 | fi 204 | initrd_path= 205 | for i in ${initrd}; do 206 | initrd_path="${initrd_path} ${rel_dirname}/${i}" 207 | done 208 | sed "s/^/$submenu_indentation/" << EOF 209 | initrd $(echo $initrd_path) 210 | EOF 211 | fi 212 | sed "s/^/$submenu_indentation/" << EOF 213 | } 214 | EOF 215 | } 216 | 217 | machine=`uname -m` 218 | case "x$machine" in 219 | xi?86 | xx86_64) 220 | list= 221 | for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do 222 | if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi 223 | done ;; 224 | *) 225 | list= 226 | for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do 227 | if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi 228 | done ;; 229 | esac 230 | 231 | case "$machine" in 232 | i?86) GENKERNEL_ARCH="x86" ;; 233 | mips|mips64) GENKERNEL_ARCH="mips" ;; 234 | mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; 235 | arm*) GENKERNEL_ARCH="arm" ;; 236 | *) GENKERNEL_ARCH="$machine" ;; 237 | esac 238 | 239 | prepare_boot_cache= 240 | prepare_root_cache= 241 | boot_device_id= 242 | title_correction_code= 243 | 244 | cat << 'EOF' 245 | function gfxmode { 246 | set gfxpayload="${1}" 247 | EOF 248 | if [ "$vt_handoff" = 1 ]; then 249 | cat << 'EOF' 250 | if [ "${1}" = "keep" ]; then 251 | set vt_handoff=vt.handoff=7 252 | else 253 | set vt_handoff= 254 | fi 255 | EOF 256 | fi 257 | cat << EOF 258 | } 259 | EOF 260 | 261 | # Use ELILO's generic "efifb" when it's known to be available. 262 | # FIXME: We need an interface to select vesafb in case efifb can't be used. 263 | if [ "x$GRUB_GFXPAYLOAD_LINUX" != x ] || [ "$gfxpayload_dynamic" = 0 ]; then 264 | echo "set linux_gfx_mode=$GRUB_GFXPAYLOAD_LINUX" 265 | else 266 | cat << EOF 267 | if [ "\${recordfail}" != 1 ]; then 268 | if [ -e \${prefix}/gfxblacklist.txt ]; then 269 | if hwmatch \${prefix}/gfxblacklist.txt 3; then 270 | if [ \${match} = 0 ]; then 271 | set linux_gfx_mode=keep 272 | else 273 | set linux_gfx_mode=text 274 | fi 275 | else 276 | set linux_gfx_mode=text 277 | fi 278 | else 279 | set linux_gfx_mode=keep 280 | fi 281 | else 282 | set linux_gfx_mode=text 283 | fi 284 | EOF 285 | fi 286 | cat << EOF 287 | export linux_gfx_mode 288 | EOF 289 | 290 | # Extra indentation to add to menu entries in a submenu. We're not in a submenu 291 | # yet, so it's empty. In a submenu it will be equal to '\t' (one tab). 292 | submenu_indentation="" 293 | 294 | is_top_level=true 295 | while [ "x$list" != "x" ] ; do 296 | linux=`version_find_latest $list` 297 | case $linux in 298 | *.efi.signed) 299 | # We handle these in linux_entry. 300 | list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '` 301 | continue 302 | ;; 303 | esac 304 | gettext_printf "Found linux image: %s\n" "$linux" >&2 305 | basename=`basename $linux` 306 | dirname=`dirname $linux` 307 | rel_dirname=`make_system_path_relative_to_its_root $dirname` 308 | version=`echo $basename | sed -e "s,^[^0-9]*-,,g"` 309 | alt_version=`echo $version | sed -e "s,\.old$,,g"` 310 | linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" 311 | 312 | initrd_early= 313 | for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \ 314 | ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do 315 | if test -e "${dirname}/${i}" ; then 316 | initrd_early="${initrd_early} ${i}" 317 | fi 318 | done 319 | 320 | initrd_real= 321 | for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ 322 | "initrd-${version}" "initramfs-${version}.img" \ 323 | "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ 324 | "initrd-${alt_version}" "initramfs-${alt_version}.img" \ 325 | "initramfs-genkernel-${version}" \ 326 | "initramfs-genkernel-${alt_version}" \ 327 | "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ 328 | "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do 329 | if test -e "${dirname}/${i}" ; then 330 | initrd_real="${i}" 331 | break 332 | fi 333 | done 334 | 335 | initrd= 336 | if test -n "${initrd_early}" || test -n "${initrd_real}"; then 337 | initrd="${initrd_early} ${initrd_real}" 338 | 339 | initrd_display= 340 | for i in ${initrd}; do 341 | initrd_display="${initrd_display} ${dirname}/${i}" 342 | done 343 | gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 344 | fi 345 | 346 | config= 347 | for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do 348 | if test -e "${i}" ; then 349 | config="${i}" 350 | break 351 | fi 352 | done 353 | 354 | initramfs= 355 | if test -n "${config}" ; then 356 | initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"` 357 | fi 358 | 359 | if test -z "${initramfs}" && test -z "${initrd_real}" ; then 360 | # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's 361 | # no initrd or builtin initramfs, it can't work here. 362 | if [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] \ 363 | || [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ]; then 364 | 365 | linux_root_device_thisversion=${GRUB_DEVICE} 366 | else 367 | linux_root_device_thisversion=PARTUUID=${GRUB_DEVICE_PARTUUID} 368 | fi 369 | fi 370 | 371 | # The GRUB_DISABLE_SUBMENU option used to be different than others since it was 372 | # mentioned in the documentation that has to be set to 'y' instead of 'true' to 373 | # enable it. This caused a lot of confusion to users that set the option to 'y', 374 | # 'yes' or 'true'. This was fixed but all of these values must be supported now. 375 | if [ "x${GRUB_DISABLE_SUBMENU}" = xyes ] || [ "x${GRUB_DISABLE_SUBMENU}" = xy ]; then 376 | GRUB_DISABLE_SUBMENU="true" 377 | fi 378 | 379 | if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then 380 | linux_entry "${OS}" "${version}" simple \ 381 | "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" 382 | 383 | submenu_indentation="$grub_tab" 384 | 385 | if [ -z "$boot_device_id" ]; then 386 | boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" 387 | fi 388 | # TRANSLATORS: %s is replaced with an OS name 389 | # echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {" 390 | is_top_level=false 391 | fi 392 | 393 | # linux_entry "${OS}" "${version}" advanced \ 394 | # "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" 395 | # for supported_init in ${SUPPORTED_INITS}; do 396 | # init_path="${supported_init#*:}" 397 | # if [ -x "${init_path}" ] && [ "$(readlink -f /sbin/init)" != "$(readlink -f "${init_path}")" ]; then 398 | # linux_entry "${OS}" "${version}" "init-${supported_init%%:*}" \ 399 | # "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} init=${init_path}" 400 | # fi 401 | # done 402 | # if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then 403 | # linux_entry "${OS}" "${version}" recovery \ 404 | # "${GRUB_CMDLINE_LINUX_RECOVERY} ${GRUB_CMDLINE_LINUX}" 405 | # fi 406 | 407 | list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` 408 | done 409 | 410 | # If at least one kernel was found, then we need to 411 | # add a closing '}' for the submenu command. 412 | #if [ x"$is_top_level" != xtrue ]; then 413 | # echo '}' 414 | #fi 415 | 416 | echo "$title_correction_code" 417 | -------------------------------------------------------------------------------- /etc/grub.d/10_50_linux_dist_advanced: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | set -e 3 | 4 | # grub-mkconfig helper script. 5 | # Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. 6 | # 7 | # GRUB is free software: you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation, either version 3 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # GRUB is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with GRUB. If not, see . 19 | 20 | prefix="/usr" 21 | exec_prefix="/usr" 22 | datarootdir="/usr/share" 23 | ubuntu_recovery="0" 24 | quiet_boot="0" 25 | quick_boot="0" 26 | gfxpayload_dynamic="0" 27 | vt_handoff="0" 28 | 29 | . "$pkgdatadir/grub-mkconfig_lib" 30 | 31 | export TEXTDOMAIN=grub 32 | export TEXTDOMAINDIR="${datarootdir}/locale" 33 | 34 | CLASS="--class gnu-linux --class gnu --class os" 35 | SUPPORTED_INITS="sysvinit:/lib/sysvinit/init systemd:/lib/systemd/systemd upstart:/sbin/upstart" 36 | 37 | if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then 38 | OS=GNU/Linux 39 | else 40 | case ${GRUB_DISTRIBUTOR} in 41 | Ubuntu|Kubuntu) 42 | OS="${GRUB_DISTRIBUTOR}" 43 | ;; 44 | *) 45 | OS="${GRUB_DISTRIBUTOR}" 46 | ;; 47 | esac 48 | CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" 49 | fi 50 | 51 | # loop-AES arranges things so that /dev/loop/X can be our root device, but 52 | # the initrds that Linux uses don't like that. 53 | case ${GRUB_DEVICE} in 54 | /dev/loop/*|/dev/loop[0-9]) 55 | GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"` 56 | # We can't cope with devices loop-mounted from files here. 57 | case ${GRUB_DEVICE} in 58 | /dev/*) ;; 59 | *) exit 0 ;; 60 | esac 61 | ;; 62 | esac 63 | 64 | # Default to disabling partition uuid support to maintian compatibility with 65 | # older kernels. 66 | GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true} 67 | 68 | # btrfs may reside on multiple devices. We cannot pass them as value of root= parameter 69 | # and mounting btrfs requires user space scanning, so force UUID in this case. 70 | if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \ 71 | || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ 72 | && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \ 73 | || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ 74 | && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \ 75 | || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then 76 | LINUX_ROOT_DEVICE=${GRUB_DEVICE} 77 | elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \ 78 | || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then 79 | LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID} 80 | else 81 | LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} 82 | fi 83 | 84 | case x"$GRUB_FS" in 85 | xbtrfs) 86 | rootsubvol="`make_system_path_relative_to_its_root /`" 87 | rootsubvol="${rootsubvol#/}" 88 | if [ "x${rootsubvol}" != x ]; then 89 | GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" 90 | fi;; 91 | xzfs) 92 | rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` 93 | bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`" 94 | LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs%/}" 95 | ;; 96 | esac 97 | 98 | title_correction_code= 99 | 100 | if [ -x /lib/recovery-mode/recovery-menu ]; then 101 | GRUB_CMDLINE_LINUX_RECOVERY=recovery 102 | else 103 | GRUB_CMDLINE_LINUX_RECOVERY=single 104 | fi 105 | if [ "$ubuntu_recovery" = 1 ]; then 106 | GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY nomodeset" 107 | fi 108 | 109 | if [ "$vt_handoff" = 1 ]; then 110 | for word in $GRUB_CMDLINE_LINUX_DEFAULT; do 111 | if [ "$word" = splash ]; then 112 | GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT \$vt_handoff" 113 | fi 114 | done 115 | fi 116 | 117 | linux_entry () 118 | { 119 | os="$1" 120 | version="$2" 121 | type="$3" 122 | args="$4" 123 | 124 | if [ -z "$boot_device_id" ]; then 125 | boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" 126 | fi 127 | if [ x$type != xsimple ] ; then 128 | case $type in 129 | recovery) 130 | title="$(gettext_printf "%s, with Linux %s (%s)" "${os}" "${version}" "$(gettext "${GRUB_RECOVERY_TITLE}")")" ;; 131 | init-*) 132 | title="$(gettext_printf "%s, with Linux %s (%s)" "${os}" "${version}" "${type#init-}")" ;; 133 | *) 134 | title="$(gettext_printf "%s, with Linux %s" "${os}" "${version}")" ;; 135 | esac 136 | if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then 137 | replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" 138 | quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" 139 | title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" 140 | grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")" 141 | fi 142 | echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" 143 | else 144 | echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" 145 | fi 146 | if [ "$quick_boot" = 1 ]; then 147 | echo " recordfail" | sed "s/^/$submenu_indentation/" 148 | fi 149 | if [ x$type != xrecovery ] ; then 150 | save_default_entry | grub_add_tab 151 | fi 152 | 153 | # Use ELILO's generic "efifb" when it's known to be available. 154 | # FIXME: We need an interface to select vesafb in case efifb can't be used. 155 | if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then 156 | echo " load_video" | sed "s/^/$submenu_indentation/" 157 | else 158 | if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then 159 | echo " load_video" | sed "s/^/$submenu_indentation/" 160 | fi 161 | fi 162 | if ([ "$ubuntu_recovery" = 0 ] || [ x$type != xrecovery ]) && \ 163 | ([ "x$GRUB_GFXPAYLOAD_LINUX" != x ] || [ "$gfxpayload_dynamic" = 1 ]); then 164 | echo " gfxmode \$linux_gfx_mode" | sed "s/^/$submenu_indentation/" 165 | fi 166 | 167 | echo " insmod gzio" | sed "s/^/$submenu_indentation/" 168 | echo " if [ x\$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi" | sed "s/^/$submenu_indentation/" 169 | 170 | if [ x$dirname = x/ ]; then 171 | if [ -z "${prepare_root_cache}" ]; then 172 | prepare_root_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE} | grub_add_tab)" 173 | fi 174 | printf '%s\n' "${prepare_root_cache}" | sed "s/^/$submenu_indentation/" 175 | else 176 | if [ -z "${prepare_boot_cache}" ]; then 177 | prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)" 178 | fi 179 | printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/" 180 | fi 181 | if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then 182 | message="$(gettext_printf "Loading Linux %s ..." ${version})" 183 | sed "s/^/$submenu_indentation/" << EOF 184 | echo '$(echo "$message" | grub_quote)' 185 | EOF 186 | fi 187 | if test -d /sys/firmware/efi && test -e "${linux}.efi.signed"; then 188 | sed "s/^/$submenu_indentation/" << EOF 189 | linux ${rel_dirname}/${basename}.efi.signed root=${linux_root_device_thisversion} ro ${args} 190 | EOF 191 | else 192 | sed "s/^/$submenu_indentation/" << EOF 193 | linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} 194 | EOF 195 | fi 196 | if test -n "${initrd}" ; then 197 | # TRANSLATORS: ramdisk isn't identifier. Should be translated. 198 | if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then 199 | message="$(gettext_printf "Loading initial ramdisk ...")" 200 | sed "s/^/$submenu_indentation/" << EOF 201 | echo '$(echo "$message" | grub_quote)' 202 | EOF 203 | fi 204 | initrd_path= 205 | for i in ${initrd}; do 206 | initrd_path="${initrd_path} ${rel_dirname}/${i}" 207 | done 208 | sed "s/^/$submenu_indentation/" << EOF 209 | initrd $(echo $initrd_path) 210 | EOF 211 | fi 212 | sed "s/^/$submenu_indentation/" << EOF 213 | } 214 | EOF 215 | } 216 | 217 | machine=`uname -m` 218 | case "x$machine" in 219 | xi?86 | xx86_64) 220 | list= 221 | for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do 222 | if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi 223 | done ;; 224 | *) 225 | list= 226 | for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do 227 | if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi 228 | done ;; 229 | esac 230 | 231 | case "$machine" in 232 | i?86) GENKERNEL_ARCH="x86" ;; 233 | mips|mips64) GENKERNEL_ARCH="mips" ;; 234 | mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; 235 | arm*) GENKERNEL_ARCH="arm" ;; 236 | *) GENKERNEL_ARCH="$machine" ;; 237 | esac 238 | 239 | prepare_boot_cache= 240 | prepare_root_cache= 241 | boot_device_id= 242 | title_correction_code= 243 | 244 | #cat << 'EOF' 245 | #function gfxmode { 246 | # set gfxpayload="${1}" 247 | #EOF 248 | #if [ "$vt_handoff" = 1 ]; then 249 | # cat << 'EOF' 250 | # if [ "${1}" = "keep" ]; then 251 | # set vt_handoff=vt.handoff=7 252 | # else 253 | # set vt_handoff= 254 | # fi 255 | #EOF 256 | #fi 257 | #cat << EOF 258 | #} 259 | #EOF 260 | 261 | # Use ELILO's generic "efifb" when it's known to be available. 262 | # FIXME: We need an interface to select vesafb in case efifb can't be used. 263 | #if [ "x$GRUB_GFXPAYLOAD_LINUX" != x ] || [ "$gfxpayload_dynamic" = 0 ]; then 264 | # echo "set linux_gfx_mode=$GRUB_GFXPAYLOAD_LINUX" 265 | #else 266 | # cat << EOF 267 | #if [ "\${recordfail}" != 1 ]; then 268 | # if [ -e \${prefix}/gfxblacklist.txt ]; then 269 | # if hwmatch \${prefix}/gfxblacklist.txt 3; then 270 | # if [ \${match} = 0 ]; then 271 | # set linux_gfx_mode=keep 272 | # else 273 | # set linux_gfx_mode=text 274 | # fi 275 | # else 276 | # set linux_gfx_mode=text 277 | # fi 278 | # else 279 | # set linux_gfx_mode=keep 280 | # fi 281 | #else 282 | # set linux_gfx_mode=text 283 | #fi 284 | #EOF 285 | #fi 286 | #cat << EOF 287 | #export linux_gfx_mode 288 | #EOF 289 | 290 | # Extra indentation to add to menu entries in a submenu. We're not in a submenu 291 | # yet, so it's empty. In a submenu it will be equal to '\t' (one tab). 292 | submenu_indentation="" 293 | 294 | is_top_level=true 295 | while [ "x$list" != "x" ] ; do 296 | linux=`version_find_latest $list` 297 | case $linux in 298 | *.efi.signed) 299 | # We handle these in linux_entry. 300 | list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '` 301 | continue 302 | ;; 303 | esac 304 | gettext_printf "Found linux image: %s\n" "$linux" >&2 305 | basename=`basename $linux` 306 | dirname=`dirname $linux` 307 | rel_dirname=`make_system_path_relative_to_its_root $dirname` 308 | version=`echo $basename | sed -e "s,^[^0-9]*-,,g"` 309 | alt_version=`echo $version | sed -e "s,\.old$,,g"` 310 | linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" 311 | 312 | initrd_early= 313 | for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \ 314 | ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do 315 | if test -e "${dirname}/${i}" ; then 316 | initrd_early="${initrd_early} ${i}" 317 | fi 318 | done 319 | 320 | initrd_real= 321 | for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ 322 | "initrd-${version}" "initramfs-${version}.img" \ 323 | "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ 324 | "initrd-${alt_version}" "initramfs-${alt_version}.img" \ 325 | "initramfs-genkernel-${version}" \ 326 | "initramfs-genkernel-${alt_version}" \ 327 | "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ 328 | "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do 329 | if test -e "${dirname}/${i}" ; then 330 | initrd_real="${i}" 331 | break 332 | fi 333 | done 334 | 335 | initrd= 336 | if test -n "${initrd_early}" || test -n "${initrd_real}"; then 337 | initrd="${initrd_early} ${initrd_real}" 338 | 339 | initrd_display= 340 | for i in ${initrd}; do 341 | initrd_display="${initrd_display} ${dirname}/${i}" 342 | done 343 | gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 344 | fi 345 | 346 | config= 347 | for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do 348 | if test -e "${i}" ; then 349 | config="${i}" 350 | break 351 | fi 352 | done 353 | 354 | initramfs= 355 | if test -n "${config}" ; then 356 | initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"` 357 | fi 358 | 359 | if test -z "${initramfs}" && test -z "${initrd_real}" ; then 360 | # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's 361 | # no initrd or builtin initramfs, it can't work here. 362 | if [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] \ 363 | || [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ]; then 364 | 365 | linux_root_device_thisversion=${GRUB_DEVICE} 366 | else 367 | linux_root_device_thisversion=PARTUUID=${GRUB_DEVICE_PARTUUID} 368 | fi 369 | fi 370 | 371 | # The GRUB_DISABLE_SUBMENU option used to be different than others since it was 372 | # mentioned in the documentation that has to be set to 'y' instead of 'true' to 373 | # enable it. This caused a lot of confusion to users that set the option to 'y', 374 | # 'yes' or 'true'. This was fixed but all of these values must be supported now. 375 | if [ "x${GRUB_DISABLE_SUBMENU}" = xyes ] || [ "x${GRUB_DISABLE_SUBMENU}" = xy ]; then 376 | GRUB_DISABLE_SUBMENU="true" 377 | fi 378 | 379 | if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xtrue ]; then 380 | # linux_entry "${OS}" "${version}" simple \ 381 | # "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" 382 | 383 | submenu_indentation="$grub_tab" 384 | 385 | if [ -z "$boot_device_id" ]; then 386 | boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" 387 | fi 388 | # TRANSLATORS: %s is replaced with an OS name 389 | echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {" 390 | is_top_level=false 391 | fi 392 | 393 | linux_entry "${OS}" "${version}" advanced \ 394 | "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" 395 | for supported_init in ${SUPPORTED_INITS}; do 396 | init_path="${supported_init#*:}" 397 | if [ -x "${init_path}" ] && [ "$(readlink -f /sbin/init)" != "$(readlink -f "${init_path}")" ]; then 398 | linux_entry "${OS}" "${version}" "init-${supported_init%%:*}" \ 399 | "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} init=${init_path}" 400 | fi 401 | done 402 | if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then 403 | linux_entry "${OS}" "${version}" recovery \ 404 | "${GRUB_CMDLINE_LINUX_RECOVERY} ${GRUB_CMDLINE_LINUX}" 405 | fi 406 | 407 | list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` 408 | done 409 | 410 | # If at least one kernel was found, then we need to 411 | # add a closing '}' for the submenu command. 412 | if [ x"$is_top_level" != xtrue ]; then 413 | echo '}' 414 | fi 415 | 416 | echo "$title_correction_code" 417 | -------------------------------------------------------------------------------- /etc/machine-id: -------------------------------------------------------------------------------- 1 | b08dfa6083e7567a1921a715000001fb 2 | -------------------------------------------------------------------------------- /etc/privleap/conf.d/dist-base-files.conf: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | [allowed-users] 5 | User=user 6 | User=sysmaint 7 | 8 | [expected-disallowed-users] 9 | User=lightdm 10 | User=sddm 11 | -------------------------------------------------------------------------------- /etc/qubes/post-install.d/20-qubes-persistent-mode-user.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh -- 2 | 3 | ## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | ## TODO: Qubes R4.3 and above: Once Qubes R4.2 support has been deprecated, 7 | ## the following 'if' clause should be removed. 8 | 9 | qubes_version="$(cat /usr/share/qubes/marker-vm | grep -v '^#')" 10 | if printf "%s\n" "${qubes_version}" | grep -q -e '^4.3' -e '^4.4' -e '^4.5' -e '^4.6' ; then 11 | qvm-features-request boot-mode.kernelopts.user='' 12 | qvm-features-request boot-mode.name.user='PERSISTENT Mode - USER Session' 13 | qvm-features-request boot-mode.active='user' 14 | qvm-features-request boot-mode.appvm-default='user' 15 | fi 16 | -------------------------------------------------------------------------------- /etc/sudoers.d/30_default-password-lecture: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | ## https://forums.whonix.org/t/disable-or-change-sudo-lecture-at-frist-run-we-trust-you-have-received-the-usual-lecture-from-the-local-system-administrator-it-usually-boils-down-to-these-three-things/8323 5 | Defaults lecture="once" 6 | Defaults lecture_file="/usr/share/derivative-base-files/sudo-default-password-lecture" 7 | -------------------------------------------------------------------------------- /etc/update-motd.d/30_dist-base-files: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | ## Feel free to delete this file. 7 | 8 | if test -f /usr/share/anon-gw-base-files/gateway ; then 9 | name_machine=Whonix-Gateway 10 | name_lower_case=whonix 11 | name_regular_case=Whonix 12 | elif test -f /usr/share/anon-ws-base-files/workstation ; then 13 | name_machine=Whonix-Workstation 14 | name_lower_case=whonix 15 | name_regular_case=Whonix 16 | elif test -f /usr/share/libvirt-dist/marker ; then 17 | name_machine=Whonix-Host 18 | name_lower_case=whonix 19 | name_regular_case=Whonix 20 | elif test -f /usr/share/kicksecure/marker ; then 21 | name_machine=Kicksecure 22 | name_lower_case=kicksecure 23 | name_regular_case=Kicksecure 24 | else 25 | ## Fallback. 26 | name_machine=dist-base-files 27 | name_lower_case=dist 28 | name_regular_case=Dist 29 | fi 30 | 31 | if test -f /usr/share/whonix/marker ; then 32 | project_website="https://www.whonix.org" 33 | else 34 | project_website="https://www.kicksecure.com" 35 | fi 36 | 37 | echo "Welcome to $name_machine (TM)!" 38 | echo "$project_website" 39 | echo " 40 | $name_regular_case Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 41 | $name_regular_case is Freedom Software, and you are welcome to redistribute it under 42 | certain conditions; type \"${name_lower_case}-license\" for details. 43 | $name_regular_case is a compilation of software packages, each under its own copyright and 44 | license. The exact license terms for each program are described in the 45 | individual files in /usr/share/doc/*/copyright. 46 | 47 | $name_regular_case GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent 48 | permitted by applicable law; for details type \"${name_lower_case}-disclaimer\" . 49 | " 50 | if test -f /usr/share/whonix/marker ; then 51 | echo "$name_regular_case is a derivative of Debian GNU/Linux and based on Tor. 52 | 53 | $name_regular_case is produced independently from the Tor (r) anonymity software and 54 | carries no guarantee from The Tor Project about quality, suitability or 55 | anything else." 56 | else 57 | echo "$name_regular_case is a derivative of Debian GNU/Linux." 58 | fi 59 | echo " 60 | $name_regular_case is a research project. 61 | " 62 | 63 | if command -v qubesdb-read >/dev/null 2>&1 ; then 64 | ## Skip Qubes default password until Qubes sudo gets implemented. 65 | ## https://github.com/QubesOS/qubes-issues/issues/2695 66 | true 67 | else 68 | echo "default user account: user 69 | default password: No password required. (Passwordless login.) 70 | " 71 | fi 72 | 73 | echo "Type: \"${name_lower_case}\" for help." 74 | -------------------------------------------------------------------------------- /man/dist-info.8.ronn: -------------------------------------------------------------------------------- 1 | dist-info(8) -- output build version and build timestamp 2 | ============================================= 3 | 4 | 8 | 9 | ## SYNOPSIS 10 | `dist-info` 11 | 12 | ## DESCRIPTION 13 | Outputs build version and build timestamp. 14 | 15 | ## AUTHOR 16 | This man page has been written by Patrick Schleizer (adrelanos@whonix.org). 17 | -------------------------------------------------------------------------------- /man/dsudo.8.ronn: -------------------------------------------------------------------------------- 1 | dsudo(8) -- default password sudo 2 | ============================================= 3 | 4 | 8 | 9 | ## SYNOPSIS 10 | `dsudo [OPTIONS]` 11 | 12 | ## DESCRIPTION 13 | Runs `sudo` default password "changeme". 14 | 15 | Forwards all environment variables and parameters to `sudo`. 16 | 17 | Sets `SUDO_ASKPASS=/usr/libexec/derivative-base-files/askpass-default` 18 | which sets `sudo_password=changeme` - unless environment variable 19 | `sudo_password` is already set to something else. 20 | 21 | Useful for testing. 22 | 23 | ## AUTHOR 24 | This man page has been written by Patrick Schleizer (adrelanos@whonix.org). 25 | -------------------------------------------------------------------------------- /usr/bin/dist-info: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2020 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | get_build_version_file() { 7 | if [ -f "/usr/share/whonix/build_timestamp" ]; then 8 | ## Originally, this was a Whonix specific script. 9 | ## Prefer the eventually existing older version. 10 | build_version_file="/usr/share/whonix/build_timestamp" 11 | elif [ -f "/var/lib/anon-dist/build_version" ]; then 12 | ## Legacy. 13 | build_version_file="/var/lib/anon-dist/build_version" 14 | elif [ -f "/var/lib/dist-base-files/build_version" ]; then 15 | ## Legacy. 16 | build_version_file="/var/lib/dist-base-files/build_version" 17 | fi 18 | } 19 | 20 | get_build_timestamp() { 21 | BUILD_UNIXTIME="$(date -r "$build_version_file" +%s)" 22 | BUILD_TIME="$(date -r "$build_version_file")" 23 | } 24 | 25 | get_build_version() { 26 | BUILD_VERSION="$(cat "$build_version_file")" 27 | } 28 | 29 | get_build_version_file 30 | get_build_timestamp 31 | get_build_version 32 | 33 | echo "BUILD_VERSION='$BUILD_VERSION'" 34 | echo "BUILD_UNIXTIME='$BUILD_UNIXTIME'" 35 | echo "BUILD_TIME='$BUILD_TIME'" 36 | -------------------------------------------------------------------------------- /usr/bin/dsudo: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | SUDO_ASKPASS=/usr/libexec/derivative-base-files/askpass-default sudo -A "$@" 7 | -------------------------------------------------------------------------------- /usr/lib/qubes-bind-dirs.d/40_dist-base-files.conf: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | ## https://github.com/Kicksecure/dist-base-files/blob/master/lib/systemd/system/dist-base-files-skel-first-boot.service 5 | ## https://github.com/Kicksecure/helper-scripts/blob/master/usr/libexec/helper-scripts/first-boot-skel 6 | ## https://forums.whonix.org/t/bug-not-all-files-form-etc-skel-are-copied-to-home-user-create-user-user-at-boot-time/18526 7 | binds+=( '/var/cache/anon-base-files' ) 8 | -------------------------------------------------------------------------------- /usr/lib/systemd/system/dist-skel-first-boot.service: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | [Unit] 5 | Description=/home/user from /etc/skel Population at First Boot Service 6 | Documentation=https://github.com/Whonix/dist-base-files 7 | 8 | After=qubes-mount-dirs.service 9 | After=qubes-mount-home.service 10 | 11 | [Service] 12 | Type=oneshot 13 | RemainAfterExit=yes 14 | ExecStart=/usr/libexec/helper-scripts/first-boot-skel 15 | 16 | [Install] 17 | WantedBy=multi-user.target 18 | -------------------------------------------------------------------------------- /usr/libexec/derivative-base-files/askpass-default: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | if [ "$sudo_password" = "" ]; then 7 | sudo_password="changeme" 8 | fi 9 | 10 | echo "$sudo_password" 11 | -------------------------------------------------------------------------------- /usr/libexec/derivative-base-files/repart-enable: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | set -x 7 | set -e 8 | set -o pipefail 9 | 10 | mkdir --parents -- /usr/lib/repart.d 11 | cp --verbose -- /usr/share/derivative-base-files/repart-d_50-root.conf /usr/lib/repart.d/50-root.conf 12 | mkdir --parents -- /etc/dracut.conf.d 13 | cp --verbose -- /usr/share/derivative-base-files/dracut-conf-d_30-repart.conf /etc/dracut.conf.d/30-repart.conf 14 | -------------------------------------------------------------------------------- /usr/share/derivative-base-files/20_dist-base-files.cfg: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2025 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | ## Do not edit this file! 5 | ## Please create and add modifications to the following file instead: 6 | ## /etc/default/grub.d/50_user.cfg 7 | ## 8 | ## User documentation: 9 | ## https://www.kicksecure.com/wiki/grub 10 | ## 11 | ## Developer documentation: 12 | ## https://www.kicksecure.com/wiki/Dev/boot 13 | 14 | GRUB_CMDLINE_LINUX="" 15 | GRUB_TERMINAL="" 16 | GRUB_TERMINAL_OUTPUT="" 17 | GRUB_SERIAL_COMMAND="" 18 | GRUB_CMDLINE_LINUX_DEFAULT="quiet" 19 | -------------------------------------------------------------------------------- /usr/share/derivative-base-files/dracut-conf-d_30-repart.conf: -------------------------------------------------------------------------------- 1 | add_dracutmodules+=" systemd-repart " 2 | -------------------------------------------------------------------------------- /usr/share/derivative-base-files/repart-d_50-root.conf: -------------------------------------------------------------------------------- 1 | [Partition] 2 | Type=root 3 | -------------------------------------------------------------------------------- /usr/share/derivative-base-files/sudo-default-password-lecture: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Kicksecure/dist-base-files/ee6bfdc2ebab88662c9fd5c687c223a3239c5ae6/usr/share/derivative-base-files/sudo-default-password-lecture -------------------------------------------------------------------------------- /usr/share/distro-info/kicksecure.csv: -------------------------------------------------------------------------------- 1 | version,codename,series,created,release,eol,eol-lts,eol-elts 2 | 17,,,,,,, 3 | -------------------------------------------------------------------------------- /usr/share/distro-info/kicksecure.csv.readme: -------------------------------------------------------------------------------- 1 | example file format with 'eol' set 2 | 3 | version,codename,series,created,release,eol,eol-lts,eol-elts 4 | 17,,,,,2026-06-10,, 5 | 6 | discussion: 7 | https://github.com/QubesOS/qubes-core-agent-linux/pull/481 8 | -------------------------------------------------------------------------------- /usr/share/lintian/overrides/dist-base-files: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2024 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | ## Not documentation. 5 | package-contains-documentation-outside-usr-share-doc [usr/share/distro-info/kicksecure.csv.readme] 6 | 7 | ## It's a inline grub snippet. Not part of she sh script. 8 | ## Fork of /etc/grub.d/10_linux with minimal modifications. 9 | dist-base-files: bash-term-in-posix-shell 'function gfxmode' [etc/grub.d/10_00_linux_dist:245] 10 | 11 | ## config-package-dev creates that folder. 12 | dist-base-files: package-contains-empty-directory [usr/share/dist-base-files/] 13 | -------------------------------------------------------------------------------- /var/lib/dbus/machine-id: -------------------------------------------------------------------------------- 1 | b08dfa6083e7567a1921a715000001fb 2 | --------------------------------------------------------------------------------