Fixed PS1 .bashrc line to include extra slashes

README.md

@@ -1,7 +1,16 @@
-# pi-gen
+# Burrow Pi Image
 
-_Tool used to create the raspberrypi.org Raspbian images_
+This is a fork of the [pi-gen](https://github.com/RPi-Distro/pi-gen) project, the "tool used to create the raspberrypi.org Raspbian images".  `pi-gen` serves as a decent base becuase it:
 
+ * Builds compact images that self-inflate on the device during the first boot
+ * Provides a comfortable development workflow
+
+I modified `pi-gen` with the following features:
+
+* Rudefox Burrow installed
+* Auto-login
+* Read-only filesystem (as a security measure to prevent you from accidentally storing sensitive information on this low-security hardware)
+* Most user-space networking packages removed (kernel still included networking capabilities)
 
 ## Dependencies
 
@@ -29,13 +38,21 @@ environment variables.
 
 The following environment variables are supported:
 
- * `IMG_NAME` **required** (Default: unset)
+ * `IMG_NAME` (Default: `RudefoxBurrow`)
 
    The name of the image to build with the current stage directories.  Setting
    `IMG_NAME=Raspbian` is logical for an unmodified RPi-Distro/pi-gen build,
    but you should use something else for a customized version.  Export files
    in stages may add suffixes to `IMG_NAME`.
 
+ * `RUDEFOX_REPO_USERNAME` (Default: `anonymous`)
+
+   If the value is set to `anonymous`, then Burrow is pulled from the publicly available Rudefox repository.  Otherwise, the build attempts to login to the Rudefox private repository for access to SNAPSHOT builds using the provided `RUDEFOX_REPO_USERNAME` / `RUDEFOX_REPO_PASSWORD` credentials.
+
+ * `RUDEFOX_BURROW_VERSION` (Default: `latest`)
+
+   If the value is set to `latest`, then the latest version is pulled from the Rudefox repository and installed.  Otherwise, the specified version is downloadedand installed.
+
  * `RELEASE` (Default: buster)
 
    The release version to build images against. Valid values are jessie, stretch
@@ -83,15 +100,23 @@ The following environment variables are supported:
    Setting to '1' enables the QEMU mode - creating an image that can be mounted via QEMU for an emulated
    environment. These images include "-qemu" in the image file name.
 
- * `LOCALE_DEFAULT` (Default: "en_GB.UTF-8" )
+ * `LOCALE_DEFAULT` (Default: "en_CA.UTF-8" )
 
    Default system locale.
 
- * `TARGET_HOSTNAME` (Default: "raspberrypi" )
+ * `TARGET_HOSTNAME` (Default: "burrow" )
 
    Setting the hostname to the specified value.
 
- * `KEYBOARD_KEYMAP` (Default: "gb" )
+ * `KEYBOARD_MODEL` (Default: "Generic 101-key PC" )
+
+   Default keyboard model.
+
+   To get the current value from a running system, run `debconf-show
+   keyboard-configuration` and look at the
+   `keyboard-configuration/model` value.
+
+ * `KEYBOARD_KEYMAP` (Default: "us" )
 
    Default keyboard keymap.
 
@@ -114,11 +139,11 @@ The following environment variables are supported:
    To get the current value from a running system, look in
    `/etc/timezone`.
 
- * `FIRST_USER_NAME` (Default: "pi" )
+ * `FIRST_USER_NAME` (Default: "rudefox" )
 
    Username for the first user
 
- * `FIRST_USER_PASS` (Default: "raspberry")
+ * `FIRST_USER_PASS` (Default: "burrow")
 
    Password for the first user
 
@@ -130,14 +155,17 @@ The following environment variables are supported:
 
    Setting to `1` will enable ssh server for remote log in. Note that if you are using a common password such as the defaults there is a high risk of attackers taking over you Raspberry Pi.
 
- * `STAGE_LIST` (Default: `stage*`)
+ * `STAGE_LIST` (Default: `stage[0-2]`)
 
-    If set, then instead of working through the numeric stages in order, this list will be followed. For example setting to `"stage0 stage1 mystage stage2"` will run the contents of `mystage` before stage2. Note that quotes are needed around the list. An absolute or relative path can be given for stages outside the pi-gen directory.
+   The default setting builds only the "lite" image for Rudefox Burrow, which is all you need.
 
-A simple example for building Raspbian:
+   If set, then instead of working through the numeric stages in order, this list will be followed. For example setting to `"stage0 stage1 mystage stage2"` will run the contents of `mystage` before stage2. Note that quotes are needed around the list. An absolute or relative path can be given for stages outside the pi-gen directory.
+
+A simple example for building RaspbianBurrow:
 
 ```bash
-IMG_NAME='Raspbian'
+APT_PROXY=http://172.17.10.10:3142
+TIMEZONE_DEFAULT="America/Toronto"
 ```
 
 The config file can also be specified on the command line as an argument the `build.sh` or `build-docker.sh` scripts.

build-docker.sh

@@ -48,12 +48,6 @@ CONTAINER_NAME=${CONTAINER_NAME:-pigen_work}
 CONTINUE=${CONTINUE:-0}
 PRESERVE_CONTAINER=${PRESERVE_CONTAINER:-0}
 
-if [ -z "${IMG_NAME}" ]; then
-	echo "IMG_NAME not set in 'config'" 1>&2
-	echo 1>&2
-exit 1
-fi
-
 # Ensure the Git Hash is recorded before entering the docker container
 GIT_HASH=${GIT_HASH:-"$(git rev-parse HEAD)"}
 

build.sh

@@ -146,10 +146,10 @@ done
 export PI_GEN=${PI_GEN:-pi-gen}
 export PI_GEN_REPO=${PI_GEN_REPO:-https://github.com/RPi-Distro/pi-gen}
 
-if [ -z "${IMG_NAME}" ]; then
-	echo "IMG_NAME not set" 1>&2
-	exit 1
-fi
+export IMG_NAME="${IMG_NAME:-RasbianBurrow}"
+export RUDEFOX_REPO_USERNAME="${RUDEFOX_REPO_USERNAME:-anonymous}"
+export RUDEFOX_REPO_PASSWORD="${RUDEFOX_REPO_PASSWORD:-default}"
+export RUDEFOX_BURROW_VERSION="${RUDEFOX_BURROW_VERSION:-latest}"
 
 export USE_QEMU="${USE_QEMU:-0}"
 export IMG_DATE="${IMG_DATE:-"$(date +%Y-%m-%d)"}"
@@ -162,19 +162,20 @@ export DEPLOY_DIR=${DEPLOY_DIR:-"${BASE_DIR}/deploy"}
 export DEPLOY_ZIP="${DEPLOY_ZIP:-1}"
 export LOG_FILE="${WORK_DIR}/build.log"
 
-export TARGET_HOSTNAME=${TARGET_HOSTNAME:-raspberrypi}
+export TARGET_HOSTNAME=${TARGET_HOSTNAME:-burrow}
 
-export FIRST_USER_NAME=${FIRST_USER_NAME:-pi}
-export FIRST_USER_PASS=${FIRST_USER_PASS:-raspberry}
+export FIRST_USER_NAME=${FIRST_USER_NAME:-rudefox}
+export FIRST_USER_PASS=${FIRST_USER_PASS:-burrow}
 export RELEASE=${RELEASE:-buster}
 export WPA_ESSID
 export WPA_PASSWORD
 export WPA_COUNTRY
 export ENABLE_SSH="${ENABLE_SSH:-0}"
 
-export LOCALE_DEFAULT="${LOCALE_DEFAULT:-en_GB.UTF-8}"
+export LOCALE_DEFAULT="${LOCALE_DEFAULT:-en_CA.UTF-8}"
 
-export KEYBOARD_KEYMAP="${KEYBOARD_KEYMAP:-gb}"
+export KEYBOARD_MODEL="${KEYBOARD_MODEL:-Generic 101-key PC}"
+export KEYBOARD_KEYMAP="${KEYBOARD_KEYMAP:-us}"
 export KEYBOARD_LAYOUT="${KEYBOARD_LAYOUT:-English (UK)}"
 
 export TIMEZONE_DEFAULT="${TIMEZONE_DEFAULT:-Europe/London}"
@@ -229,7 +230,7 @@ fi
 mkdir -p "${WORK_DIR}"
 log "Begin ${BASE_DIR}"
 
-STAGE_LIST=${STAGE_LIST:-${BASE_DIR}/stage*}
+STAGE_LIST=${STAGE_LIST:-${BASE_DIR}/stage[0-2]}
 
 for STAGE_DIR in $STAGE_LIST; do
 	STAGE_DIR=$(realpath "${STAGE_DIR}")

stage2/01-sys-tweaks/00-packages

@@ -1,4 +1,4 @@
-ssh less fbset sudo psmisc strace ed ncdu crda
+less fbset sudo psmisc strace ed ncdu crda vim
 console-setup keyboard-configuration debconf-utils parted unzip
 build-essential manpages-dev python bash-completion gdb pkg-config
 python-rpi.gpio v4l-utils
@@ -6,26 +6,20 @@ avahi-daemon
 lua5.1
 luajit
 hardlink ca-certificates curl
-fake-hwclock nfs-common usbutils
+fake-hwclock usbutils
 libraspberrypi-dev libraspberrypi-doc libfreetype6-dev
 dosfstools
 dphys-swapfile
 raspberrypi-sys-mods
-pi-bluetooth
 apt-listchanges
 usb-modeswitch
 libpam-chksshpwd
 rpi-update
 libmtp-runtime
-rsync
-htop
 man-db
 policykit-1
-ssh-import-id
 rng-tools
-ethtool
 vl805fw
-ntfs-3g
 pciutils
 rpi-eeprom
 raspinfo

stage2/01-sys-tweaks/00-packages-nr

@@ -1 +0,0 @@
-cifs-utils

stage2/01-sys-tweaks/01-run.sh

@@ -13,14 +13,7 @@ install -m 755 files/rc.local		"${ROOTFS_DIR}/etc/"
 
 on_chroot << EOF
 systemctl disable hwclock.sh
-systemctl disable nfs-common
 systemctl disable rpcbind
-if [ "${ENABLE_SSH}" == "1" ]; then
-	systemctl enable ssh
-else
-	systemctl disable ssh
-fi
-systemctl enable regenerate_ssh_host_keys
 EOF
 
 if [ "${USE_QEMU}" = "1" ]; then
@@ -53,4 +46,3 @@ on_chroot << EOF
 usermod --pass='*' root
 EOF
 
-rm -f "${ROOTFS_DIR}/etc/ssh/"ssh_host_*_key*

stage2/02-net-tweaks/00-packages

@@ -1,4 +0,0 @@
-wpasupplicant wireless-tools firmware-atheros firmware-brcm80211 firmware-libertas firmware-misc-nonfree firmware-realtek
-raspberrypi-net-mods
-dhcpcd5
-net-tools

stage2/02-net-tweaks/01-run.sh

@@ -1,31 +0,0 @@
-#!/bin/bash -e
-
-install -v -d					"${ROOTFS_DIR}/etc/systemd/system/dhcpcd.service.d"
-install -v -m 644 files/wait.conf		"${ROOTFS_DIR}/etc/systemd/system/dhcpcd.service.d/"
-
-install -v -d					"${ROOTFS_DIR}/etc/wpa_supplicant"
-install -v -m 600 files/wpa_supplicant.conf	"${ROOTFS_DIR}/etc/wpa_supplicant/"
-
-if [ -v WPA_COUNTRY ]; then
-	echo "country=${WPA_COUNTRY}" >> "${ROOTFS_DIR}/etc/wpa_supplicant/wpa_supplicant.conf"
-fi
-
-if [ -v WPA_ESSID ] && [ -v WPA_PASSWORD ]; then
-on_chroot <<EOF
-set -o pipefail
-wpa_passphrase "${WPA_ESSID}" "${WPA_PASSWORD}" | tee -a "/etc/wpa_supplicant/wpa_supplicant.conf"
-EOF
-elif [ -v WPA_ESSID ]; then
-cat >> "${ROOTFS_DIR}/etc/wpa_supplicant/wpa_supplicant.conf" << EOL
-
-network={
-	ssid="${WPA_ESSID}"
-	key_mgmt=NONE
-}
-EOL
-fi
-
-# Disable wifi on 5GHz models
-mkdir -p "${ROOTFS_DIR}/var/lib/systemd/rfkill/"
-echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-3f300000.mmcnr:wlan"
-echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-fe300000.mmcnr:wlan"

stage2/02-net-tweaks/files/wait.conf

@@ -1,3 +0,0 @@
-[Service]
-ExecStart=
-ExecStart=/usr/lib/dhcpcd5/dhcpcd -q -w

stage2/02-net-tweaks/files/wpa_supplicant.conf

@@ -1,2 +0,0 @@
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
-update_config=1

stage2/04-rudefox-burrow/00-packages

@@ -0,0 +1 @@
+openjdk-8-jre-headless

stage2/04-rudefox-burrow/01-run.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+export RUDEFOX_REPO_BASE_URL="https://repo.rudefox.io"
+export RUDEFOX_REPO_RELEASES="maven-releases"
+export RUDEFOX_GROUP="io.rudefox"
+export RUDEFOX_BURROW_ID="burrow"
+export OUTFILE="burrow.tar"
+
+
+export WGET_OPTS="--https-only -O ${OUTFILE} -v"
+export WGET_URL="${RUDEFOX_REPO_BASE_URL}/service/rest/v1/search/assets/download?group=${RUDEFOX_GROUP}&name=${RUDEFOX_BURROW_ID}&maven.extension=tar"
+
+
+if [ $RUDEFOX_BURROW_VERSION != "latest" ]
+then
+    export WGET_URL="${WGET_URL}&maven.baseVersion=${RUDEFOX_BURROW_VERSION}"
+else
+    export WGET_URL="${WGET_URL}&sort=version"
+fi
+
+
+if [ $RUDEFOX_REPO_USERNAME != "anonymous" ]
+then
+    export ENCODED_USERNAME=$(echo -n $RUDEFOX_REPO_USERNAME | base64 | sed 's/+/-/g; s/\//_/g; s/=/%3D/g';)
+    export ENCODED_PASSWORD=$(echo -n $RUDEFOX_REPO_PASSWORD | base64 | sed 's/+/-/g; s/\//_/g; s/=/%3D/g';)
+    export POST_DATA="username=${ENCODED_USERNAME}&password=${ENCODED_PASSWORD}"
+
+    wget --save-cookies cookies.txt --keep-session-cookies --post-data $POST_DATA "${RUDEFOX_REPO_BASE_URL}/service/rapture/session"
+
+    wget --load-cookies cookies.txt $WGET_OPTS $WGET_URL
+
+    rm cookies.txt
+else
+    wget $WGET_OPTS "${WGET_URL}&repository=${RUDEFOX_REPO_RELEASES}"
+fi
+

stage2/04-rudefox-burrow/02-run.sh

@@ -0,0 +1,10 @@
+#!/bin/bash -e
+
+mkdir -p "${ROOTFS_DIR}/opt/"
+rm -rf "${ROOTFS_DIR}/opt/rudefox-burrow"
+tar -C "${ROOTFS_DIR}/opt/" -xvf burrow.tar
+mv "${ROOTFS_DIR}/opt/burrow-"* "${ROOTFS_DIR}/opt/rudefox-burrow"
+
+on_chroot <<EOF
+ln -fs /opt/rudefox-burrow/bin/burrow /usr/bin/burrow
+EOF

stage2/04-rudefox-burrow/03-run.sh

@@ -0,0 +1,6 @@
+#!/bin/bash -e
+
+echo "" >>  "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
+echo ". <(burrow generate-completion)" >>  "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
+echo "alias seedgen='burrow mnemonic -i8b 256'" >>  "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
+

stage2/04-rudefox-burrow/04-run.sh

@@ -0,0 +1,5 @@
+#!/bin/bash -e
+
+echo "" >>  "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
+echo "unset HISTFILE" >>  "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
+

stage2/05-autologin/00-run.sh

@@ -0,0 +1,15 @@
+#!/bin/bash -e
+
+on_chroot << ENDCHROOT
+
+systemctl set-default multi-user.target
+
+ln -fs /lib/systemd/system/getty@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
+
+cat > /etc/systemd/system/getty@tty1.service.d/autologin.conf << EOF
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty --autologin ${FIRST_USER_NAME} --noclear %I \\\$TERM
+EOF
+
+ENDCHROOT

stage2/06-rudefox-motd/00-packages

@@ -0,0 +1 @@
+toilet figlet

stage2/06-rudefox-motd/01-run.sh

@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+rm -rf "${ROOTFS_DIR}/etc/motd"
+rm -rf "${ROOTFS_DIR}/etc/update-motd.d/"*
+install -m 755 files/*  "${ROOTFS_DIR}/etc/update-motd.d/"
+
+echo "" >>  "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
+echo "PS1=\"\\\\[\e[31m\\\\]Burrow>\\\\[\e[m\\\\] \"" >>  "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"

stage2/06-rudefox-motd/files/10-rudefox-header

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+THIS_SCRIPT="header"
+MOTD_DISABLE=""
+
+toilet -f standard -F metal Burrow
+
+printf '\nWelcome to RudeFox Burrow!\n'
+printf '\n'

stage2/06-rudefox-motd/files/30-rudefox-instructions

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+echo ""
+echo   "======================================================="
+echo   "===    TYPE:                                        "
+echo   "===      seedgen                                    "
+echo   "===                                                 "
+echo   "===    to generate a new 24-word seed               "             
+echo   "======================================================="
+echo ""
+echo ""

stage2/07-enable-overlayfs/00-run.sh

@@ -0,0 +1,12 @@
+#!/bin/bash -e
+
+install -d "${ROOTFS_DIR}/etc/systemd/system/enable-overlayfs.target.wants"
+install -m 644 files/enable-overlayfs.service "${ROOTFS_DIR}/etc/systemd/system/"
+install -m 644 files/enable-overlayfs.target "${ROOTFS_DIR}/etc/systemd/system/"
+install -m 755 files/enable_overlayfs.sh "${ROOTFS_DIR}/usr/bin/"
+
+on_chroot << EOF
+ln -sf /etc/systemd/system/enable-overlayfs.service /etc/systemd/system/enable-overlayfs.target.wants/enable-overlayfs.service
+systemctl daemon-reload
+systemctl set-default enable-overlayfs.target
+EOF

stage2/07-enable-overlayfs/files/enable-overlayfs.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Enable Overlay Filesystem
+After=multi-user.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/enable_overlayfs.sh
+
+[Install]
+WantedBy=enable-overlayfs.target

stage2/07-enable-overlayfs/files/enable-overlayfs.target

@@ -0,0 +1,5 @@
+[Unit]
+Description=Enable Overlay Filesystem Target
+Requires=multi-user.target
+After=multi-user.target
+AllowIsolate=yes

stage2/07-enable-overlayfs/files/enable_overlayfs.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/bin/raspi-config nonint do_overlayfs 0
+systemctl set-default multi-user.target
+reboot