Compare commits
17 Commits
Author | SHA1 | Date |
---|---|---|
B.J. Dweck | dd43d98867 | |
B.J. Dweck | 171dc63701 | |
B.J. Dweck | 03890a3973 | |
B.J. Dweck | 9556d96872 | |
B.J. Dweck | 3615fdce98 | |
B.J. Dweck | fac7876b18 | |
B.J. Dweck | 8f3c43116e | |
B.J. Dweck | d58c7244ec | |
B.J. Dweck | d6babca3c7 | |
B.J. Dweck | 5d9bb8b017 | |
B.J. Dweck | 2df48bcb6c | |
B.J. Dweck | e315c692d9 | |
B.J. Dweck | 052631361a | |
B.J. Dweck | bc2505a534 | |
B.J. Dweck | ff9a6a2f5d | |
B.J. Dweck | 4f80f9a7e4 | |
B.J. Dweck | 0e722a9e71 |
52
README.md
52
README.md
|
@ -1,7 +1,16 @@
|
|||
# pi-gen
|
||||
# Burrow Pi Image
|
||||
|
||||
_Tool used to create the raspberrypi.org Raspbian images_
|
||||
This is a fork of the [pi-gen](https://github.com/RPi-Distro/pi-gen) project, the "tool used to create the raspberrypi.org Raspbian images". `pi-gen` serves as a decent base becuase it:
|
||||
|
||||
* Builds compact images that self-inflate on the device during the first boot
|
||||
* Provides a comfortable development workflow
|
||||
|
||||
I modified `pi-gen` with the following features:
|
||||
|
||||
* Rudefox Burrow installed
|
||||
* Auto-login
|
||||
* Read-only filesystem (as a security measure to prevent you from accidentally storing sensitive information on this low-security hardware)
|
||||
* Most user-space networking packages removed (kernel still included networking capabilities)
|
||||
|
||||
## Dependencies
|
||||
|
||||
|
@ -29,13 +38,21 @@ environment variables.
|
|||
|
||||
The following environment variables are supported:
|
||||
|
||||
* `IMG_NAME` **required** (Default: unset)
|
||||
* `IMG_NAME` (Default: `RudefoxBurrow`)
|
||||
|
||||
The name of the image to build with the current stage directories. Setting
|
||||
`IMG_NAME=Raspbian` is logical for an unmodified RPi-Distro/pi-gen build,
|
||||
but you should use something else for a customized version. Export files
|
||||
in stages may add suffixes to `IMG_NAME`.
|
||||
|
||||
* `RUDEFOX_REPO_USERNAME` (Default: `anonymous`)
|
||||
|
||||
If the value is set to `anonymous`, then Burrow is pulled from the publicly available Rudefox repository. Otherwise, the build attempts to login to the Rudefox private repository for access to SNAPSHOT builds using the provided `RUDEFOX_REPO_USERNAME` / `RUDEFOX_REPO_PASSWORD` credentials.
|
||||
|
||||
* `RUDEFOX_BURROW_VERSION` (Default: `latest`)
|
||||
|
||||
If the value is set to `latest`, then the latest version is pulled from the Rudefox repository and installed. Otherwise, the specified version is downloadedand installed.
|
||||
|
||||
* `RELEASE` (Default: buster)
|
||||
|
||||
The release version to build images against. Valid values are jessie, stretch
|
||||
|
@ -83,15 +100,23 @@ The following environment variables are supported:
|
|||
Setting to '1' enables the QEMU mode - creating an image that can be mounted via QEMU for an emulated
|
||||
environment. These images include "-qemu" in the image file name.
|
||||
|
||||
* `LOCALE_DEFAULT` (Default: "en_GB.UTF-8" )
|
||||
* `LOCALE_DEFAULT` (Default: "en_CA.UTF-8" )
|
||||
|
||||
Default system locale.
|
||||
|
||||
* `TARGET_HOSTNAME` (Default: "raspberrypi" )
|
||||
* `TARGET_HOSTNAME` (Default: "burrow" )
|
||||
|
||||
Setting the hostname to the specified value.
|
||||
|
||||
* `KEYBOARD_KEYMAP` (Default: "gb" )
|
||||
* `KEYBOARD_MODEL` (Default: "Generic 101-key PC" )
|
||||
|
||||
Default keyboard model.
|
||||
|
||||
To get the current value from a running system, run `debconf-show
|
||||
keyboard-configuration` and look at the
|
||||
`keyboard-configuration/model` value.
|
||||
|
||||
* `KEYBOARD_KEYMAP` (Default: "us" )
|
||||
|
||||
Default keyboard keymap.
|
||||
|
||||
|
@ -114,11 +139,11 @@ The following environment variables are supported:
|
|||
To get the current value from a running system, look in
|
||||
`/etc/timezone`.
|
||||
|
||||
* `FIRST_USER_NAME` (Default: "pi" )
|
||||
* `FIRST_USER_NAME` (Default: "rudefox" )
|
||||
|
||||
Username for the first user
|
||||
|
||||
* `FIRST_USER_PASS` (Default: "raspberry")
|
||||
* `FIRST_USER_PASS` (Default: "burrow")
|
||||
|
||||
Password for the first user
|
||||
|
||||
|
@ -130,14 +155,17 @@ The following environment variables are supported:
|
|||
|
||||
Setting to `1` will enable ssh server for remote log in. Note that if you are using a common password such as the defaults there is a high risk of attackers taking over you Raspberry Pi.
|
||||
|
||||
* `STAGE_LIST` (Default: `stage*`)
|
||||
* `STAGE_LIST` (Default: `stage[0-2]`)
|
||||
|
||||
If set, then instead of working through the numeric stages in order, this list will be followed. For example setting to `"stage0 stage1 mystage stage2"` will run the contents of `mystage` before stage2. Note that quotes are needed around the list. An absolute or relative path can be given for stages outside the pi-gen directory.
|
||||
The default setting builds only the "lite" image for Rudefox Burrow, which is all you need.
|
||||
|
||||
A simple example for building Raspbian:
|
||||
If set, then instead of working through the numeric stages in order, this list will be followed. For example setting to `"stage0 stage1 mystage stage2"` will run the contents of `mystage` before stage2. Note that quotes are needed around the list. An absolute or relative path can be given for stages outside the pi-gen directory.
|
||||
|
||||
A simple example for building RaspbianBurrow:
|
||||
|
||||
```bash
|
||||
IMG_NAME='Raspbian'
|
||||
APT_PROXY=http://172.17.10.10:3142
|
||||
TIMEZONE_DEFAULT="America/Toronto"
|
||||
```
|
||||
|
||||
The config file can also be specified on the command line as an argument the `build.sh` or `build-docker.sh` scripts.
|
||||
|
|
|
@ -48,12 +48,6 @@ CONTAINER_NAME=${CONTAINER_NAME:-pigen_work}
|
|||
CONTINUE=${CONTINUE:-0}
|
||||
PRESERVE_CONTAINER=${PRESERVE_CONTAINER:-0}
|
||||
|
||||
if [ -z "${IMG_NAME}" ]; then
|
||||
echo "IMG_NAME not set in 'config'" 1>&2
|
||||
echo 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Ensure the Git Hash is recorded before entering the docker container
|
||||
GIT_HASH=${GIT_HASH:-"$(git rev-parse HEAD)"}
|
||||
|
||||
|
|
21
build.sh
21
build.sh
|
@ -146,10 +146,10 @@ done
|
|||
export PI_GEN=${PI_GEN:-pi-gen}
|
||||
export PI_GEN_REPO=${PI_GEN_REPO:-https://github.com/RPi-Distro/pi-gen}
|
||||
|
||||
if [ -z "${IMG_NAME}" ]; then
|
||||
echo "IMG_NAME not set" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
export IMG_NAME="${IMG_NAME:-RasbianBurrow}"
|
||||
export RUDEFOX_REPO_USERNAME="${RUDEFOX_REPO_USERNAME:-anonymous}"
|
||||
export RUDEFOX_REPO_PASSWORD="${RUDEFOX_REPO_PASSWORD:-default}"
|
||||
export RUDEFOX_BURROW_VERSION="${RUDEFOX_BURROW_VERSION:-latest}"
|
||||
|
||||
export USE_QEMU="${USE_QEMU:-0}"
|
||||
export IMG_DATE="${IMG_DATE:-"$(date +%Y-%m-%d)"}"
|
||||
|
@ -162,19 +162,20 @@ export DEPLOY_DIR=${DEPLOY_DIR:-"${BASE_DIR}/deploy"}
|
|||
export DEPLOY_ZIP="${DEPLOY_ZIP:-1}"
|
||||
export LOG_FILE="${WORK_DIR}/build.log"
|
||||
|
||||
export TARGET_HOSTNAME=${TARGET_HOSTNAME:-raspberrypi}
|
||||
export TARGET_HOSTNAME=${TARGET_HOSTNAME:-burrow}
|
||||
|
||||
export FIRST_USER_NAME=${FIRST_USER_NAME:-pi}
|
||||
export FIRST_USER_PASS=${FIRST_USER_PASS:-raspberry}
|
||||
export FIRST_USER_NAME=${FIRST_USER_NAME:-rudefox}
|
||||
export FIRST_USER_PASS=${FIRST_USER_PASS:-burrow}
|
||||
export RELEASE=${RELEASE:-buster}
|
||||
export WPA_ESSID
|
||||
export WPA_PASSWORD
|
||||
export WPA_COUNTRY
|
||||
export ENABLE_SSH="${ENABLE_SSH:-0}"
|
||||
|
||||
export LOCALE_DEFAULT="${LOCALE_DEFAULT:-en_GB.UTF-8}"
|
||||
export LOCALE_DEFAULT="${LOCALE_DEFAULT:-en_CA.UTF-8}"
|
||||
|
||||
export KEYBOARD_KEYMAP="${KEYBOARD_KEYMAP:-gb}"
|
||||
export KEYBOARD_MODEL="${KEYBOARD_MODEL:-Generic 101-key PC}"
|
||||
export KEYBOARD_KEYMAP="${KEYBOARD_KEYMAP:-us}"
|
||||
export KEYBOARD_LAYOUT="${KEYBOARD_LAYOUT:-English (UK)}"
|
||||
|
||||
export TIMEZONE_DEFAULT="${TIMEZONE_DEFAULT:-Europe/London}"
|
||||
|
@ -229,7 +230,7 @@ fi
|
|||
mkdir -p "${WORK_DIR}"
|
||||
log "Begin ${BASE_DIR}"
|
||||
|
||||
STAGE_LIST=${STAGE_LIST:-${BASE_DIR}/stage*}
|
||||
STAGE_LIST=${STAGE_LIST:-${BASE_DIR}/stage[0-2]}
|
||||
|
||||
for STAGE_DIR in $STAGE_LIST; do
|
||||
STAGE_DIR=$(realpath "${STAGE_DIR}")
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -1,4 +1,4 @@
|
|||
ssh less fbset sudo psmisc strace ed ncdu crda
|
||||
less fbset sudo psmisc strace ed ncdu crda vim
|
||||
console-setup keyboard-configuration debconf-utils parted unzip
|
||||
build-essential manpages-dev python bash-completion gdb pkg-config
|
||||
python-rpi.gpio v4l-utils
|
||||
|
@ -6,26 +6,20 @@ avahi-daemon
|
|||
lua5.1
|
||||
luajit
|
||||
hardlink ca-certificates curl
|
||||
fake-hwclock nfs-common usbutils
|
||||
fake-hwclock usbutils
|
||||
libraspberrypi-dev libraspberrypi-doc libfreetype6-dev
|
||||
dosfstools
|
||||
dphys-swapfile
|
||||
raspberrypi-sys-mods
|
||||
pi-bluetooth
|
||||
apt-listchanges
|
||||
usb-modeswitch
|
||||
libpam-chksshpwd
|
||||
rpi-update
|
||||
libmtp-runtime
|
||||
rsync
|
||||
htop
|
||||
man-db
|
||||
policykit-1
|
||||
ssh-import-id
|
||||
rng-tools
|
||||
ethtool
|
||||
vl805fw
|
||||
ntfs-3g
|
||||
pciutils
|
||||
rpi-eeprom
|
||||
raspinfo
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
cifs-utils
|
|
@ -13,14 +13,7 @@ install -m 755 files/rc.local "${ROOTFS_DIR}/etc/"
|
|||
|
||||
on_chroot << EOF
|
||||
systemctl disable hwclock.sh
|
||||
systemctl disable nfs-common
|
||||
systemctl disable rpcbind
|
||||
if [ "${ENABLE_SSH}" == "1" ]; then
|
||||
systemctl enable ssh
|
||||
else
|
||||
systemctl disable ssh
|
||||
fi
|
||||
systemctl enable regenerate_ssh_host_keys
|
||||
EOF
|
||||
|
||||
if [ "${USE_QEMU}" = "1" ]; then
|
||||
|
@ -53,4 +46,3 @@ on_chroot << EOF
|
|||
usermod --pass='*' root
|
||||
EOF
|
||||
|
||||
rm -f "${ROOTFS_DIR}/etc/ssh/"ssh_host_*_key*
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
wpasupplicant wireless-tools firmware-atheros firmware-brcm80211 firmware-libertas firmware-misc-nonfree firmware-realtek
|
||||
raspberrypi-net-mods
|
||||
dhcpcd5
|
||||
net-tools
|
|
@ -1,31 +0,0 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
install -v -d "${ROOTFS_DIR}/etc/systemd/system/dhcpcd.service.d"
|
||||
install -v -m 644 files/wait.conf "${ROOTFS_DIR}/etc/systemd/system/dhcpcd.service.d/"
|
||||
|
||||
install -v -d "${ROOTFS_DIR}/etc/wpa_supplicant"
|
||||
install -v -m 600 files/wpa_supplicant.conf "${ROOTFS_DIR}/etc/wpa_supplicant/"
|
||||
|
||||
if [ -v WPA_COUNTRY ]; then
|
||||
echo "country=${WPA_COUNTRY}" >> "${ROOTFS_DIR}/etc/wpa_supplicant/wpa_supplicant.conf"
|
||||
fi
|
||||
|
||||
if [ -v WPA_ESSID ] && [ -v WPA_PASSWORD ]; then
|
||||
on_chroot <<EOF
|
||||
set -o pipefail
|
||||
wpa_passphrase "${WPA_ESSID}" "${WPA_PASSWORD}" | tee -a "/etc/wpa_supplicant/wpa_supplicant.conf"
|
||||
EOF
|
||||
elif [ -v WPA_ESSID ]; then
|
||||
cat >> "${ROOTFS_DIR}/etc/wpa_supplicant/wpa_supplicant.conf" << EOL
|
||||
|
||||
network={
|
||||
ssid="${WPA_ESSID}"
|
||||
key_mgmt=NONE
|
||||
}
|
||||
EOL
|
||||
fi
|
||||
|
||||
# Disable wifi on 5GHz models
|
||||
mkdir -p "${ROOTFS_DIR}/var/lib/systemd/rfkill/"
|
||||
echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-3f300000.mmcnr:wlan"
|
||||
echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-fe300000.mmcnr:wlan"
|
|
@ -1,3 +0,0 @@
|
|||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=/usr/lib/dhcpcd5/dhcpcd -q -w
|
|
@ -1,2 +0,0 @@
|
|||
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
|
||||
update_config=1
|
|
@ -0,0 +1 @@
|
|||
openjdk-8-jre-headless
|
|
@ -0,0 +1,36 @@
|
|||
#!/bin/bash
|
||||
|
||||
export RUDEFOX_REPO_BASE_URL="https://repo.rudefox.io"
|
||||
export RUDEFOX_REPO_RELEASES="maven-releases"
|
||||
export RUDEFOX_GROUP="io.rudefox"
|
||||
export RUDEFOX_BURROW_ID="burrow"
|
||||
export OUTFILE="burrow.tar"
|
||||
|
||||
|
||||
export WGET_OPTS="--https-only -O ${OUTFILE} -v"
|
||||
export WGET_URL="${RUDEFOX_REPO_BASE_URL}/service/rest/v1/search/assets/download?group=${RUDEFOX_GROUP}&name=${RUDEFOX_BURROW_ID}&maven.extension=tar"
|
||||
|
||||
|
||||
if [ $RUDEFOX_BURROW_VERSION != "latest" ]
|
||||
then
|
||||
export WGET_URL="${WGET_URL}&maven.baseVersion=${RUDEFOX_BURROW_VERSION}"
|
||||
else
|
||||
export WGET_URL="${WGET_URL}&sort=version"
|
||||
fi
|
||||
|
||||
|
||||
if [ $RUDEFOX_REPO_USERNAME != "anonymous" ]
|
||||
then
|
||||
export ENCODED_USERNAME=$(echo -n $RUDEFOX_REPO_USERNAME | base64 | sed 's/+/-/g; s/\//_/g; s/=/%3D/g';)
|
||||
export ENCODED_PASSWORD=$(echo -n $RUDEFOX_REPO_PASSWORD | base64 | sed 's/+/-/g; s/\//_/g; s/=/%3D/g';)
|
||||
export POST_DATA="username=${ENCODED_USERNAME}&password=${ENCODED_PASSWORD}"
|
||||
|
||||
wget --save-cookies cookies.txt --keep-session-cookies --post-data $POST_DATA "${RUDEFOX_REPO_BASE_URL}/service/rapture/session"
|
||||
|
||||
wget --load-cookies cookies.txt $WGET_OPTS $WGET_URL
|
||||
|
||||
rm cookies.txt
|
||||
else
|
||||
wget $WGET_OPTS "${WGET_URL}&repository=${RUDEFOX_REPO_RELEASES}"
|
||||
fi
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
mkdir -p "${ROOTFS_DIR}/opt/"
|
||||
rm -rf "${ROOTFS_DIR}/opt/rudefox-burrow"
|
||||
tar -C "${ROOTFS_DIR}/opt/" -xvf burrow.tar
|
||||
mv "${ROOTFS_DIR}/opt/burrow-"* "${ROOTFS_DIR}/opt/rudefox-burrow"
|
||||
|
||||
on_chroot <<EOF
|
||||
ln -fs /opt/rudefox-burrow/bin/burrow /usr/bin/burrow
|
||||
EOF
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
echo "" >> "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
|
||||
echo ". <(burrow generate-completion)" >> "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
|
||||
echo "alias seedgen='burrow mnemonic -i8b 256'" >> "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
echo "" >> "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
|
||||
echo "unset HISTFILE" >> "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
on_chroot << ENDCHROOT
|
||||
|
||||
systemctl set-default multi-user.target
|
||||
|
||||
ln -fs /lib/systemd/system/getty@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
|
||||
|
||||
cat > /etc/systemd/system/getty@tty1.service.d/autologin.conf << EOF
|
||||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=-/sbin/agetty --autologin ${FIRST_USER_NAME} --noclear %I \\\$TERM
|
||||
EOF
|
||||
|
||||
ENDCHROOT
|
|
@ -0,0 +1 @@
|
|||
toilet figlet
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
rm -rf "${ROOTFS_DIR}/etc/motd"
|
||||
rm -rf "${ROOTFS_DIR}/etc/update-motd.d/"*
|
||||
install -m 755 files/* "${ROOTFS_DIR}/etc/update-motd.d/"
|
||||
|
||||
echo "" >> "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
|
||||
echo "PS1=\"\\\\[\e[31m\\\\]Burrow>\\\\[\e[m\\\\] \"" >> "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
|
|
@ -0,0 +1,9 @@
|
|||
#!/bin/bash
|
||||
|
||||
THIS_SCRIPT="header"
|
||||
MOTD_DISABLE=""
|
||||
|
||||
toilet -f standard -F metal Burrow
|
||||
|
||||
printf '\nWelcome to RudeFox Burrow!\n'
|
||||
printf '\n'
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo ""
|
||||
echo "======================================================="
|
||||
echo "=== TYPE: "
|
||||
echo "=== seedgen "
|
||||
echo "=== "
|
||||
echo "=== to generate a new 24-word seed "
|
||||
echo "======================================================="
|
||||
echo ""
|
||||
echo ""
|
|
@ -0,0 +1,12 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
install -d "${ROOTFS_DIR}/etc/systemd/system/enable-overlayfs.target.wants"
|
||||
install -m 644 files/enable-overlayfs.service "${ROOTFS_DIR}/etc/systemd/system/"
|
||||
install -m 644 files/enable-overlayfs.target "${ROOTFS_DIR}/etc/systemd/system/"
|
||||
install -m 755 files/enable_overlayfs.sh "${ROOTFS_DIR}/usr/bin/"
|
||||
|
||||
on_chroot << EOF
|
||||
ln -sf /etc/systemd/system/enable-overlayfs.service /etc/systemd/system/enable-overlayfs.target.wants/enable-overlayfs.service
|
||||
systemctl daemon-reload
|
||||
systemctl set-default enable-overlayfs.target
|
||||
EOF
|
|
@ -0,0 +1,10 @@
|
|||
[Unit]
|
||||
Description=Enable Overlay Filesystem
|
||||
After=multi-user.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/bin/enable_overlayfs.sh
|
||||
|
||||
[Install]
|
||||
WantedBy=enable-overlayfs.target
|
|
@ -0,0 +1,5 @@
|
|||
[Unit]
|
||||
Description=Enable Overlay Filesystem Target
|
||||
Requires=multi-user.target
|
||||
After=multi-user.target
|
||||
AllowIsolate=yes
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/bash
|
||||
|
||||
/usr/bin/raspi-config nonint do_overlayfs 0
|
||||
systemctl set-default multi-user.target
|
||||
reboot
|
Loading…
Reference in New Issue