smoser/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Flash, Java and Firefox in a functional container

Revisit the days of yesteryear by running unsupported and abandoned and security-vulnerability infested software.
This will build a container with old enough versions of firefox, flash and java to all work together.
My purpose was to access a non-updated Cisco Integrated Management Controller (CIMC). Older versions used flash-only but required java plugin for KVM access.
It should be obvious to the reader that running out of date software might not be a good idea.
How to build

build the container

$ cname=build1
$ lxc launch ubuntu-minimal-daily:bionic $cname
$ lxc exec $cname -- cloud-init status --wait
$ lxc file push container/setup $cname/tmp/setup
$ lxc exec $cname -- /tmp/setup
$ lxc exec $cname -- rm /tmp/setup
$ lxc stop $cname

If you wanted to publish the image, that would look like this:
# publish the container as an image locally
$ lxc publish $cname --alias=my-$cname
Container published with fingerprint: 613f4b07fb6844f92aaf496de3e77a96687c4126780e70eec1678dec55b16262

# get its hash and export
$ hash=613f4b07fb6844f92aaf496de3e77a96687c4126780e70eec1678dec55b16262
$ lxc image export my-$cname

# publish it elsewhere (with image import)
lxc image import --alias=flash-java-firefox "$hash.tar.gz" lxc-remote-name:

Details

This container has:

out of date firefox (firefox 50) - newer versions of firefox disabled
out of date flash player (32_0r0_371)
out of date icedtea 1.6.2-3.1ubuntu3 (from ubuntu archive)

Downloads of firefox and flash player are left in:
/opt/dl/firefox-50.0.tar.bz2
/opt/dl/flashplayer32_0r0_371_linux.x86_64.tar.gz 

They were downloaded from the interwebs:

flashplayer32_0r0_371_linux.x86_64.tar.gz
firefox-50.0.tar.bz2

% md5sum *
08982adb570fd139ed404468a5ba3909  firefox-50.0.tar.bz2
a20bb3725ea35e0611386d27ceb19305  flashplayer32_0r0_371_linux.x86_64.tar.gz

% sha256sum *
781a92e663f0abf84eee6f8577d30f11900f4b67a7ac12eea92df0fd9de0e50a  firefox-50.0.tar.bz2
62c1a22af9d3e8cf3f3a219100482d8e274343641bf575cfb312ba1ee50389fd  flashplayer32_0r0_371_linux.x86_64.tar.gz


## setup
#!/bin/bash
FLASH_URL="https://archive.org/download/flashplayer_old/flashplayer32_0r0_371_linux.x86_64.tar.gz"
FIREFOX_URL="https://ftp.mozilla.org/pub/firefox/releases/50.0/linux-x86_64/en-US/firefox-50.0.tar.bz2"
VERBOSITY=1
TEMP_D=""

error() { echo "$@" 1>&2; }
fail() { local r=$?;  [ $r -eq 0 ] && r=1; failrc "$r" "$@"; }
failrc() { local r=$1; shift; [ $# -eq 0 ] || error "$@"; exit $r; }

Usage() {
    cat <<EOF
Usage: ${0##*/} [ options ]

   set up a system to be firefox/flash/java functional.

   options:
      --user USER  USER     non-root user name
EOF
}

bad_Usage() { Usage 1>&2; [ $# -eq 0 ] || error "$@"; return 1; }
cleanup() {
    [ -z "${TEMP_D}" -o ! -d "${TEMP_D}" ] || rm -Rf "${TEMP_D}"
}

debug() {
    local level=${1}; shift;
    [ "${level}" -gt "${VERBOSITY}" ] && return
    error "${@}"
}

cat_readme() {
    cat <<EOF
Old versions of cimc firmware have only a flash interface and use
java to launch the remote kvm.
The goal of this container is to run flash and java plugins for in firefox.

Details about how that was accomplished below.

To just get going, you can either:

   * run vnc4server and then connect with a vnc client.
   * 'ssh -X' into the system as 'ubuntu' (put your keys in
      /home/ubuntu/.ssh/authorized_keys)

Firefox should be set up and ready to go for the ubuntu user.

If you run as another user, some key things to remember:
 * launch firefox
 * go to 'about:addons' and 'plugins' set IcedTea (java) and
   Shockwave Flash to 'always activate'.  You may not be able to chose
   'always' for shockwave.
 * You may have to hit the shockwave flash icon to the left of the url bar
   if flash doesn't automatically start.

Also, for java: Keep saying 'yes'. You trust them, you really trust them....

== Details ==
This container has:
 * out of date firefox (firefox 50) -
 * out of date flash player (32_0r0_371)
 * out of date icedtea 1.6.2-3.1ubuntu3 (from ubuntu archive)

Downloads of firefox and flash player are in:
   /opt/dl/firefox-50.0.tar.bz2
   /opt/dl/flashplayer32_0r0_371_linux.x86_64.tar.gz

They were downloaded from the interwebs:
   https://archive.org/download/flashplayer_old/flashplayer32_0r0_371_linux.x86_64.tar.gz
   https://ftp.mozilla.org/pub/firefox/releases/50.0/linux-x86_64/en-US/firefox-50.0.tar.bz2

root@minb1:/opt/dl# md5sum *
08982adb570fd139ed404468a5ba3909  firefox-50.0.tar.bz2
a20bb3725ea35e0611386d27ceb19305  flashplayer32_0r0_371_linux.x86_64.tar.gz
root@minb1:/opt/dl# sha256sum *
781a92e663f0abf84eee6f8577d30f11900f4b67a7ac12eea92df0fd9de0e50a  firefox-50.0.tar.bz2
62c1a22af9d3e8cf3f3a219100482d8e274343641bf575cfb312ba1ee50389fd  flashplayer32_0r0_371_linux.x86_64.tar.gz

EOF
}

user_setup() {
    local user="$1"
    local home="/home/$user"
    local bindir="$home/bin" pubd="$home/pub"
    mkdir -p "$bindir" "$pubd" || fail "failed creating dirs in $home"

    PATH=$bindir:$PATH

    cd "$home" || fail "failed to cd $home as $user"

    [ -d .ssh ] || mkdir .ssh || fail "failed mkdir .ssh"
    chmod 700 .ssh
    touch .ssh/authorized_keys
    chmod 600 .ssh/authorized_keys

    ln -s /README.txt .
    rm -Rf "$home/.local" "$home/.cache"
}

main() {
    local short_opts="hv"
    local long_opts="help,user:,verbose"
    local getopt_out=""
    getopt_out=$(getopt --name "${0##*/}" \
        --options "${short_opts}" --long "${long_opts}" -- "$@") &&
        eval set -- "${getopt_out}" ||
        { bad_Usage; return; }

    local cur="" next="" user="ubuntu"

    while [ $# -ne 0 ]; do
        cur="$1"; next="$2";
        case "$cur" in
            -h|--help) Usage ; exit 0;;
               --user) user=$next; shift;;
            -v|--verbose) VERBOSITY=$((${VERBOSITY}+1));;
            --) shift; break;;
        esac
        shift;
    done

    # [ $# -ne 0 ] || { bad_Usage "must provide arguments"; return; }

    TEMP_D=$(mktemp -d "${TMPDIR:-/tmp}/${0##*/}.XXXXXX") ||
        fail "failed to make tempdir"
    trap cleanup EXIT

    # program starts here

    [ "$(id -u)" = "0" ] || fail "Expect to be root. sorry.";
    [ -d "/home/$user" ] ||
        fail "/home/$user does not exist"

    debug 1 "massaging apt for faster performance"
    ## Generally make apt go faster, less stuff.
    # remove i386 if present
    if dpkg --print-foreign-architectures | grep -q i386; then
        dpkg --remove-architecture i386
        debug 1 "removed foreign arch i386"
    fi

    local f=""
    f="/etc/apt/apt.conf.d/99notranslations"
    if [ ! -f "$f" ]; then
        echo 'Acquire::Languages "none";' > "$f" &&
            rm -f /var/lib/apt/lists/*Translation* ||
            fail "failed to remove translations."
        debug 1 "removed translations config for apt"
    fi

    # https://askubuntu.com/questions/823329/how-do-i-disable-fetching-of-dep-11-files
    f="/etc/apt/apt.conf.d/50appstream"
    if [ -f "$f" ]; then
       rm -f "$f" || fail "Failed to remove appstream apt config"
       debug 1 "removed appstream config for apt."
    fi

    f="/etc/apt/apt.conf.d/50command-not-found"
    if [ -f "$f" ]; then
        rm -f "$f" || fail "failed removing command-not-found config"
        debug 1 "removed command not found apt config"
    fi

    local easl="/etc/apt/sources.list" f=""
    f=/etc/cloud/cloud.cfg.d/99_preserve_sources.cfg
    if [ -d "${f%/*}" ]; then
        echo 'apt_preserve_sources_list: true' > "$f" ||
            fail "failed writing $f"
    fi

    local rel="" mirror="http://us.archive.ubuntu.com/ubuntu/"
    rel=$(lsb_release -sc) || fail "failed to get release"
    cat >"$easl" <<EOF
deb $mirror $rel main restricted universe
deb $mirror $rel-updates main restricted universe
EOF

    debug 1 "disabling auto-upgrades"
    sed -i 's/1/0/' /etc/apt/apt.conf.d/20auto-upgrades ||
        fail "failed to disable auto-upgrades"

    cat_readme > /README.txt &&
        ln -s /README.txt /root/README.txt ||
        fail "failed to write /README.txt"

    mkdir -p /opt/dl && cd /opt/dl ||
        fail "failed mkdir /opt/dl"
    local flashtball="${FLASH_URL##*/}" ffoxtball="${FIREFOX_URL##*/}"
    debug 1 "Getting flash to $PWD/${flashtball}"
    wget "${FLASH_URL}" -O "${flashtball}" ||
        fail "download failed: $FLASH_URL"
    debug 1 "getting firefox to $PWD/$ffoxtball"
    wget "${FIREFOX_URL}" -O "${ffoxtball}" ||
        fail "download failed: $FIREFOX_URL"

    md5sum "${flashtball}" "${ffoxtball}" || fail "failed md5sum"

    tar -C /opt -xf "$ffoxtball" ||
        fail "failed to extract firefox tarball"
    local pdir="/usr/lib/mozilla/plugins"
    mkdir -p "$pdir" || fail "failed create"
    tar -C "$pdir" -xf "$flashtball" libflashplayer.so ||
        fail "failed extracting."
    [ -f "$pdir/libflashplayer.so" ] ||
        fail "extraction did not produce libflashplayer.so"

    ln -s ../../opt/firefox/firefox /usr/bin/firefox ||
        fail "failed to link firefox into /usr/bin"

    # https://support.mozilla.org/en-US/questions/901549
    local ffdir="/opt/firefox"
    cat > "$ffdir/defaults/pref/local-settings.js" <<"EOF"
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0); // use this to disable the byte-shift
EOF

    cat > "$ffdir/mozilla.cfg" <<"EOF"
// lockPref("app.update.enabled", false);
// defaultPref("app.update.enabled", false);
pref("app.update.enabled", false);
pref("browser.shell.checkDefaultBrowser", false)
EOF

    # iced tea version is from bionic GA
    # vnc4server needs xfonts-base.
    local pkgs="" itver="1.6.2-3.1ubuntu3"
    pkgs=(
        "icedtea-netx=$itver"
        "icedtea-netx-common=$itver"
        "icedtea-8-plugin=$itver"
        libgtk-3-0
        libdbus-glib-1-2
        vim-tiny
        blackbox xterm
        vnc4server xfonts-base
    )

    apt-get update -qy || fail "failed apt-get update"
    apt-get install --no-install-recommends --quiet --assume-yes \
        "${pkgs[@]}"  || fail "failed installing packages."

    sudo -Hu "$user" -- "$0" user-setup "$user" || fail "failed user-setup"

    apt-get --quiet --assume-yes autoremove || fail "failed autoremove"
    apt-get clean || fail "failed apt clean"

    if command -v cloud-init; then
        cloud-init clean --logs || fail "failed cloud-init clean"
    fi

    rm -Rf /var/lib/apt/lists ||
        fail "failed to remove /var/lib/apt/lists"

    echo "all done!"
}

if [ "$1" = "user-setup" ]; then
    shift
    user_setup "$@"
else
    main "$@"
fi
# vi: ts=4 expandtab
	#!/bin/bash
	FLASH_URL="https://archive.org/download/flashplayer_old/flashplayer32_0r0_371_linux.x86_64.tar.gz"
	FIREFOX_URL="https://ftp.mozilla.org/pub/firefox/releases/50.0/linux-x86_64/en-US/firefox-50.0.tar.bz2"
	VERBOSITY=1
	TEMP_D=""

	error() { echo "$@" 1>&2; }
	fail() { local r=$?; [ $r -eq 0 ] && r=1; failrc "$r" "$@"; }
	failrc() { local r=$1; shift; [ $# -eq 0 ] \|\| error "$@"; exit $r; }

	Usage() {
	cat <<EOF
	Usage: ${0##*/} [ options ]

	set up a system to be firefox/flash/java functional.

	options:
	--user USER USER non-root user name
	EOF
	}

	bad_Usage() { Usage 1>&2; [ $# -eq 0 ] \|\| error "$@"; return 1; }
	cleanup() {
	[ -z "${TEMP_D}" -o ! -d "${TEMP_D}" ] \|\| rm -Rf "${TEMP_D}"
	}

	debug() {
	local level=${1}; shift;
	[ "${level}" -gt "${VERBOSITY}" ] && return
	error "${@}"
	}

	cat_readme() {
	cat <<EOF
	Old versions of cimc firmware have only a flash interface and use
	java to launch the remote kvm.
	The goal of this container is to run flash and java plugins for in firefox.

	Details about how that was accomplished below.

	To just get going, you can either:

	* run vnc4server and then connect with a vnc client.
	* 'ssh -X' into the system as 'ubuntu' (put your keys in
	/home/ubuntu/.ssh/authorized_keys)

	Firefox should be set up and ready to go for the ubuntu user.

	If you run as another user, some key things to remember:
	* launch firefox
	* go to 'about:addons' and 'plugins' set IcedTea (java) and
	Shockwave Flash to 'always activate'. You may not be able to chose
	'always' for shockwave.
	* You may have to hit the shockwave flash icon to the left of the url bar
	if flash doesn't automatically start.

	Also, for java: Keep saying 'yes'. You trust them, you really trust them....

	== Details ==
	This container has:
	* out of date firefox (firefox 50) -
	* out of date flash player (32_0r0_371)
	* out of date icedtea 1.6.2-3.1ubuntu3 (from ubuntu archive)

	Downloads of firefox and flash player are in:
	/opt/dl/firefox-50.0.tar.bz2
	/opt/dl/flashplayer32_0r0_371_linux.x86_64.tar.gz

	They were downloaded from the interwebs:
	https://archive.org/download/flashplayer_old/flashplayer32_0r0_371_linux.x86_64.tar.gz
	https://ftp.mozilla.org/pub/firefox/releases/50.0/linux-x86_64/en-US/firefox-50.0.tar.bz2

	root@minb1:/opt/dl# md5sum *
	08982adb570fd139ed404468a5ba3909 firefox-50.0.tar.bz2
	a20bb3725ea35e0611386d27ceb19305 flashplayer32_0r0_371_linux.x86_64.tar.gz
	root@minb1:/opt/dl# sha256sum *
	781a92e663f0abf84eee6f8577d30f11900f4b67a7ac12eea92df0fd9de0e50a firefox-50.0.tar.bz2
	62c1a22af9d3e8cf3f3a219100482d8e274343641bf575cfb312ba1ee50389fd flashplayer32_0r0_371_linux.x86_64.tar.gz

	EOF
	}

	user_setup() {
	local user="$1"
	local home="/home/$user"
	local bindir="$home/bin" pubd="$home/pub"
	mkdir -p "$bindir" "$pubd" \|\| fail "failed creating dirs in $home"

	PATH=$bindir:$PATH

	cd "$home" \|\| fail "failed to cd $home as $user"

	[ -d .ssh ] \|\| mkdir .ssh \|\| fail "failed mkdir .ssh"
	chmod 700 .ssh
	touch .ssh/authorized_keys
	chmod 600 .ssh/authorized_keys

	ln -s /README.txt .
	rm -Rf "$home/.local" "$home/.cache"
	}

	main() {
	local short_opts="hv"
	local long_opts="help,user:,verbose"
	local getopt_out=""
	getopt_out=$(getopt --name "${0##*/}" \
	--options "${short_opts}" --long "${long_opts}" -- "$@") &&
	eval set -- "${getopt_out}" \|\|
	{ bad_Usage; return; }

	local cur="" next="" user="ubuntu"

	while [ $# -ne 0 ]; do
	cur="$1"; next="$2";
	case "$cur" in
	-h\|--help) Usage ; exit 0;;
	--user) user=$next; shift;;
	-v\|--verbose) VERBOSITY=$((${VERBOSITY}+1));;
	--) shift; break;;
	esac
	shift;
	done

	# [ $# -ne 0 ] \|\| { bad_Usage "must provide arguments"; return; }

	TEMP_D=$(mktemp -d "${TMPDIR:-/tmp}/${0##*/}.XXXXXX") \|\|
	fail "failed to make tempdir"
	trap cleanup EXIT

	# program starts here

	[ "$(id -u)" = "0" ] \|\| fail "Expect to be root. sorry.";
	[ -d "/home/$user" ] \|\|
	fail "/home/$user does not exist"

	debug 1 "massaging apt for faster performance"
	## Generally make apt go faster, less stuff.
	# remove i386 if present
	if dpkg --print-foreign-architectures \| grep -q i386; then
	dpkg --remove-architecture i386
	debug 1 "removed foreign arch i386"
	fi

	local f=""
	f="/etc/apt/apt.conf.d/99notranslations"
	if [ ! -f "$f" ]; then
	echo 'Acquire::Languages "none";' > "$f" &&
	rm -f /var/lib/apt/lists/Translation \|\|
	fail "failed to remove translations."
	debug 1 "removed translations config for apt"
	fi

	# https://askubuntu.com/questions/823329/how-do-i-disable-fetching-of-dep-11-files
	f="/etc/apt/apt.conf.d/50appstream"
	if [ -f "$f" ]; then
	rm -f "$f" \|\| fail "Failed to remove appstream apt config"
	debug 1 "removed appstream config for apt."
	fi

	f="/etc/apt/apt.conf.d/50command-not-found"
	if [ -f "$f" ]; then
	rm -f "$f" \|\| fail "failed removing command-not-found config"
	debug 1 "removed command not found apt config"
	fi

	local easl="/etc/apt/sources.list" f=""
	f=/etc/cloud/cloud.cfg.d/99_preserve_sources.cfg
	if [ -d "${f%/*}" ]; then
	echo 'apt_preserve_sources_list: true' > "$f" \|\|
	fail "failed writing $f"
	fi

	local rel="" mirror="http://us.archive.ubuntu.com/ubuntu/"
	rel=$(lsb_release -sc) \|\| fail "failed to get release"
	cat >"$easl" <<EOF
	deb $mirror $rel main restricted universe
	deb $mirror $rel-updates main restricted universe
	EOF

	debug 1 "disabling auto-upgrades"
	sed -i 's/1/0/' /etc/apt/apt.conf.d/20auto-upgrades \|\|
	fail "failed to disable auto-upgrades"

	cat_readme > /README.txt &&
	ln -s /README.txt /root/README.txt \|\|
	fail "failed to write /README.txt"

	mkdir -p /opt/dl && cd /opt/dl \|\|
	fail "failed mkdir /opt/dl"
	local flashtball="${FLASH_URL##/}" ffoxtball="${FIREFOX_URL##/}"
	debug 1 "Getting flash to $PWD/${flashtball}"
	wget "${FLASH_URL}" -O "${flashtball}" \|\|
	fail "download failed: $FLASH_URL"
	debug 1 "getting firefox to $PWD/$ffoxtball"
	wget "${FIREFOX_URL}" -O "${ffoxtball}" \|\|
	fail "download failed: $FIREFOX_URL"

	md5sum "${flashtball}" "${ffoxtball}" \|\| fail "failed md5sum"

	tar -C /opt -xf "$ffoxtball" \|\|
	fail "failed to extract firefox tarball"
	local pdir="/usr/lib/mozilla/plugins"
	mkdir -p "$pdir" \|\| fail "failed create"
	tar -C "$pdir" -xf "$flashtball" libflashplayer.so \|\|
	fail "failed extracting."
	[ -f "$pdir/libflashplayer.so" ] \|\|
	fail "extraction did not produce libflashplayer.so"

	ln -s ../../opt/firefox/firefox /usr/bin/firefox \|\|
	fail "failed to link firefox into /usr/bin"

	# https://support.mozilla.org/en-US/questions/901549
	local ffdir="/opt/firefox"
	cat > "$ffdir/defaults/pref/local-settings.js" <<"EOF"
	pref("general.config.filename", "mozilla.cfg");
	pref("general.config.obscure_value", 0); // use this to disable the byte-shift
	EOF

	cat > "$ffdir/mozilla.cfg" <<"EOF"
	// lockPref("app.update.enabled", false);
	// defaultPref("app.update.enabled", false);
	pref("app.update.enabled", false);
	pref("browser.shell.checkDefaultBrowser", false)
	EOF

	# iced tea version is from bionic GA
	# vnc4server needs xfonts-base.
	local pkgs="" itver="1.6.2-3.1ubuntu3"
	pkgs=(
	"icedtea-netx=$itver"
	"icedtea-netx-common=$itver"
	"icedtea-8-plugin=$itver"
	libgtk-3-0
	libdbus-glib-1-2
	vim-tiny
	blackbox xterm
	vnc4server xfonts-base
	)

	apt-get update -qy \|\| fail "failed apt-get update"
	apt-get install --no-install-recommends --quiet --assume-yes \
	"${pkgs[@]}" \|\| fail "failed installing packages."

	sudo -Hu "$user" -- "$0" user-setup "$user" \|\| fail "failed user-setup"

	apt-get --quiet --assume-yes autoremove \|\| fail "failed autoremove"
	apt-get clean \|\| fail "failed apt clean"

	if command -v cloud-init; then
	cloud-init clean --logs \|\| fail "failed cloud-init clean"
	fi

	rm -Rf /var/lib/apt/lists \|\|
	fail "failed to remove /var/lib/apt/lists"

	echo "all done!"
	}

	if [ "$1" = "user-setup" ]; then
	shift
	user_setup "$@"
	else
	main "$@"
	fi
	# vi: ts=4 expandtab