First public release (v0.4.0)

tools/hooks/00-install-ksk-packages.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+# Installs KSK software and XFCE customisation from Debian packages
+
+set -x   # Print each command before executing it
+set -e   # Exit immediately should a command fail
+set -u   # Treat unset variables as an error and exit immediately
+
+PKG1="ksk-tools-0.1.0coen_amd64.deb"
+SHAPKG1="93e954744ec11e1d6837a792e26cc93b88f0735f7184337c4e65babca65503ab  -"
+
+PKG2="ksk-xfce-custom-0.1.0coen_amd64.deb"
+SHAPKG2="2080347093bc714b92d2f02e9c19e51ca23804776c2b52958c25630330b25f1d  -"
+
+for PKG in "${PKG1} ${SHAPKG1}" "${PKG2} ${SHAPKG2}"
+do
+	set -- $PKG # parses variable PKG $1 name and $2 hash and $3 "-"
+	cp $PACKAGE_DIR/$1 $WD/chroot/tmp
+	echo "Calculating SHA-256 HASH of the $1"
+	HASH=$(sha256sum < "$WD/chroot/tmp/$1")
+		if [ "$HASH" != "$2  $3" ]
+		then
+			echo "ERROR: SHA-256 hashes mismatched"
+			exit 1
+		fi
+	debuerreotype-chroot $WD/chroot dpkg -i /tmp/$1
+	rm -f $WD/chroot/tmp/$1
+done
+
+# END

tools/hooks/01-fix-fontconfig-cache.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+# fontconfig generates non-reproducible cache files under
+# /var/cache/fontconfig
+# Reference https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864082
+# The fontconfig packages from tails fixed the above
+
+set -x   # Print each command before executing it
+set -e   # Exit immediately should a command fail
+set -u   # Treat unset variables as an error and exit immediately
+
+PKG1="fontconfig-config_2.11.0-6.7.0tails4_all.deb"
+SHAPKG1="390fdc4c915aeed379196335e672d6a9af6677e6d675093f8855c85953aae246  -"
+
+PKG2="libfontconfig1_2.11.0-6.7.0tails4_amd64.deb"
+SHAPKG2="933adbbead4fd8ced095b5f43fd82b092298aaf95436d8b051b2ee9a4abee917  -"
+
+PKG3="fontconfig_2.11.0-6.7.0tails4_amd64.deb"
+SHAPKG3="892a2c0b4f8e4874161165cb253755b3bd695ce238b30c3b8e5447ff269c2740  -"
+
+for PKG in "${PKG1} ${SHAPKG1}" "${PKG2} ${SHAPKG2}" "${PKG3} ${SHAPKG3}"
+do
+	set -- $PKG # parses variable PKG $1 name and $2 hash and $3 "-"
+	cp $PACKAGE_DIR/$1 $WD/chroot/tmp
+	echo "Calculating SHA-256 HASH of the $1"
+	HASH=$(sha256sum < "$WD/chroot/tmp/$1")
+		if [ "$HASH" != "$2  $3" ]
+		then
+			echo "ERROR: SHA-256 hashes mismatched"
+			exit 1
+		fi
+	debuerreotype-chroot $WD/chroot dpkg -i /tmp/$1
+	rm -f $WD/chroot/tmp/$1
+done
+
+# END

tools/hooks/02-fix-initramfs-tools.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+# mkinitramfs generates non-reproducible ramdisk images
+# Reference https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845034
+# The initramfs-tools packages from tails fixed the above
+
+set -x   # Print each command before executing it
+set -e   # Exit immediately should a command fail
+set -u   # Treat unset variables as an error and exit immediately
+
+PKG1="initramfs-tools-core_0.130.0tails1_all.deb"
+SHAPKG1="db1d9dcd6d0c9587136c5a65419ee9eaa7a8a20c163dd2718cd826056a893819  -"
+
+PKG2="initramfs-tools_0.130.0tails1_all.deb"
+SHAPKG2="36c39407b505015a80e666726018edad37211d594b862238475d59d3de4e0da9  -"
+
+for PKG in "${PKG1} ${SHAPKG1}" "${PKG2} ${SHAPKG2}"
+do
+	set -- $PKG # parses variable PKG $1 name and $2 hash and $3 "-"
+	cp $PACKAGE_DIR/$1 $WD/chroot/tmp
+	echo "Calculating SHA-256 HASH of the $1"
+	HASH=$(sha256sum < "$WD/chroot/tmp/$1")
+		if [ "$HASH" != "$2  $3" ]
+		then
+			echo "ERROR: SHA-256 hashes mismatched"
+			exit 1
+		fi
+	debuerreotype-chroot $WD/chroot dpkg -i /tmp/$1
+	rm -f $WD/chroot/tmp/$1
+done
+
+# END

tools/hooks/03-fix-gtk-immodules-cache.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# gtk+2.0 and gtk+3.0 immodules.cache is not reproducible
+# Reference https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872729
+# and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875700
+# The gtk+ packages from tails fixed the above
+
+set -x   # Print each command before executing it
+set -e   # Exit immediately should a command fail
+set -u   # Treat unset variables as an error and exit immediately
+
+PKG1="libgtk2.0-common_2.24.31-2.0tails1_all.deb"
+SHAPKG1="0862890d70bafeb6b4a7a1c1da05c90569e0147522d6526fad6d146d6335b79f  -"
+
+PKG2="libgtk2.0-0_2.24.31-2.0tails1_amd64.deb"
+SHAPKG2="a0ae2652c5ca8461752f17ab22aa385c588481351b7b4aeb199a3d23d6479c34  -"
+
+PKG3="gir1.2-gtk-3.0_3.22.11-1.0tails1_amd64.deb"
+SHAPKG3="01db265c90f351367c73cd7ecedeca2f490374579320c5240feecdc70040917e  -"
+
+PKG4="gtk-update-icon-cache_3.22.11-1.0tails1_amd64.deb"
+SHAPKG4="4e49e6161a93424700ced09d0225574d3f6dd406ba9f9e14c36a50e870faab16  -"
+
+PKG5="libgtk-3-common_3.22.11-1.0tails1_all.deb"
+SHAPKG5="605e3c77857d9c55932c7f497f56c70d46af65af59600e5507f42aea3832a848  -"
+
+PKG6="libgtk-3-0_3.22.11-1.0tails1_amd64.deb"
+SHAPKG6="a8946b779ccf305da8dadefa9d7d9402ccfe756246dd70a251e4375076a83648  -"
+
+for PKG in "${PKG1} ${SHAPKG1}" "${PKG2} ${SHAPKG2}" "${PKG3} ${SHAPKG3}" "${PKG4} ${SHAPKG4}" "${PKG5} ${SHAPKG5}" "${PKG6} ${SHAPKG6}"
+do
+	set -- $PKG # parses variable PKG $1 name and $2 hash and $3 "-"
+	cp $PACKAGE_DIR/$1 $WD/chroot/tmp
+	echo "Calculating SHA-256 HASH of the $1"
+	HASH=$(sha256sum < "$WD/chroot/tmp/$1")
+		if [ "$HASH" != "$2  $3" ]
+		then
+			echo "ERROR: SHA-256 hashes mismatched"
+			exit 1
+		fi
+	debuerreotype-chroot $WD/chroot dpkg -i /tmp/$1
+	rm -f $WD/chroot/tmp/$1
+done
+
+# END

tools/hooks/04-fix-gdk-pixbuf-glib2.0-shadow.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# gdk-pixbuf's loaders.cache is not reproducible
+# Reference https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875704
+# giomodule.cache is not reproducible
+# Reference https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873625
+# The file /etc/shadow is not reproducible
+# Reference https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857803
+# The packages from sid (unstable) fixed the above
+
+set -x   # Print each command before executing it
+set -e   # Exit immediately should a command fail
+set -u   # Treat unset variables as an error and exit immediately
+
+# Adding sid (unstable) to /etc/apt/sources.list
+debuerreotype-chroot $WD/chroot sed -i "$ a\deb \
+http://snapshot.debian.org/archive/debian/$(date --date "$DATE" '+%Y%m%dT%H%M%SZ') \
+sid main" /etc/apt/sources.list
+
+# Installing sid (unstable) packages
+debuerreotype-apt-get $WD/chroot update
+debuerreotype-chroot $WD/chroot DEBIAN_FRONTEND=noninteractive apt-get -o Acquire::Check-Valid-Until=false install \
+  --no-install-recommends --yes -t sid \
+	gir1.2-gdkpixbuf-2.0 libgdk-pixbuf2.0-common libgdk-pixbuf2.0-0 \
+	libglib2.0-0 \
+	login passwd
+debuerreotype-apt-get $WD/chroot --yes --purge autoremove
+debuerreotype-apt-get $WD/chroot --yes clean
+
+# Turning off the shadow passwords
+debuerreotype-chroot $WD/chroot shadowconfig off
+debuerreotype-chroot $WD/chroot rm -f /etc/shadow-
+
+# END

tools/hooks/05-fix-non-reproducible-files.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# Fixing non-reproducible files
+
+set -x   # Print each command before executing it
+set -e   # Exit immediately should a command fail
+set -u   # Treat unset variables as an error and exit immediately
+
+# Truncating the snakeoil SSL key pair and deleting the symbolic link generated
+# by ssl-cert because is not reproducible
+
+debuerreotype-chroot $WD/chroot truncate -s 0 /etc/ssl/certs/ssl-cert-snakeoil.pem
+debuerreotype-chroot $WD/chroot truncate -s 0 /etc/ssl/private/ssl-cert-snakeoil.key
+debuerreotype-chroot $WD/chroot find "/etc/ssl/certs" -lname "ssl-cert-snakeoil.pem" -exec rm -f '{}' +
+
+# Truncating not reproducible file
+debuerreotype-chroot $WD/chroot truncate -s 0 /etc/machine-id
+
+# Removing python compiled bytecode
+debuerreotype-chroot $WD/chroot find "/usr" -name "*.pyc" -exec rm -f '{}' +
+
+# END