Added suport for bash auto-complete and config options for downloading burrow from the repo

README.md

@@ -1,7 +1,17 @@
-# pi-gen
 
-_Tool used to create the raspberrypi.org Raspbian images_
+#Burrow Pi Image
 
+This is a fork of the [pi-gen](https://github.com/RPi-Distro/pi-gen) project, the "tool used to create the raspberrypi.org Raspbian images".  `pi-gen` serves as a decent base becuase it:
+
+ * Builds compact images that self-inflate on the device during the first boot
+ * Provides a comfortable development workflow
+
+I modified `pi-gen` with the following features:
+
+* Rudefox Burrow installed
+* Auto-login
+* Read-only filesystem (as a security measure to prevent you from accidentally storing sensitive information on this low-security hardware)
+* Most user-space networking packages removed (kernel still included networking capabilities)
 
 ## Dependencies
 
@@ -29,13 +39,17 @@ environment variables.
 
 The following environment variables are supported:
 
- * `IMG_NAME` **required** (Default: unset)
+ * `IMG_NAME` (Default: `RudefoxBurrow`)
 
    The name of the image to build with the current stage directories.  Setting
    `IMG_NAME=Raspbian` is logical for an unmodified RPi-Distro/pi-gen build,
    but you should use something else for a customized version.  Export files
    in stages may add suffixes to `IMG_NAME`.
 
+ * `RUDEFOX_BURROW_VERSION` (Default: `0.0.2`)
+
+   The version of Rudefox Burrow to download and install.
+
  * `RELEASE` (Default: buster)
 
    The release version to build images against. Valid values are jessie, stretch
@@ -83,15 +97,23 @@ The following environment variables are supported:
    Setting to '1' enables the QEMU mode - creating an image that can be mounted via QEMU for an emulated
    environment. These images include "-qemu" in the image file name.
 
- * `LOCALE_DEFAULT` (Default: "en_GB.UTF-8" )
+ * `LOCALE_DEFAULT` (Default: "en_US.UTF-8" )
 
    Default system locale.
 
- * `TARGET_HOSTNAME` (Default: "raspberrypi" )
+ * `TARGET_HOSTNAME` (Default: "burrow" )
 
    Setting the hostname to the specified value.
 
- * `KEYBOARD_KEYMAP` (Default: "gb" )
+ * `KEYBOARD_MODEL` (Default: "Generic 101-key PC" )
+
+   Default keyboard model.
+
+   To get the current value from a running system, run `debconf-show
+   keyboard-configuration` and look at the
+   `keyboard-configuration/model` value.
+
+ * `KEYBOARD_KEYMAP` (Default: "us" )
 
    Default keyboard keymap.
 
@@ -114,11 +136,11 @@ The following environment variables are supported:
    To get the current value from a running system, look in
    `/etc/timezone`.
 
- * `FIRST_USER_NAME` (Default: "pi" )
+ * `FIRST_USER_NAME` (Default: "rudefox" )
 
    Username for the first user
 
- * `FIRST_USER_PASS` (Default: "raspberry")
+ * `FIRST_USER_PASS` (Default: "burrow")
 
    Password for the first user
 
@@ -130,14 +152,17 @@ The following environment variables are supported:
 
    Setting to `1` will enable ssh server for remote log in. Note that if you are using a common password such as the defaults there is a high risk of attackers taking over you Raspberry Pi.
 
- * `STAGE_LIST` (Default: `stage*`)
+ * `STAGE_LIST` (Default: `stage[0-2]`)
+
+   The default setting builds only the "lite" image for Rudefox Burrow, which is all you need.
 
    If set, then instead of working through the numeric stages in order, this list will be followed. For example setting to `"stage0 stage1 mystage stage2"` will run the contents of `mystage` before stage2. Note that quotes are needed around the list. An absolute or relative path can be given for stages outside the pi-gen directory.
 
-A simple example for building Raspbian:
+A simple example for building RaspbianBurrow:
 
 ```bash
-IMG_NAME='Raspbian'
+APT_PROXY=http://172.17.10.10:3142
+TIMEZONE_DEFAULT="America/Toronto"
 ```
 
 The config file can also be specified on the command line as an argument the `build.sh` or `build-docker.sh` scripts.

build-docker.sh

@@ -48,12 +48,6 @@ CONTAINER_NAME=${CONTAINER_NAME:-pigen_work}
 CONTINUE=${CONTINUE:-0}
 PRESERVE_CONTAINER=${PRESERVE_CONTAINER:-0}
 
-if [ -z "${IMG_NAME}" ]; then
-	echo "IMG_NAME not set in 'config'" 1>&2
-	echo 1>&2
-exit 1
-fi
-
 # Ensure the Git Hash is recorded before entering the docker container
 GIT_HASH=${GIT_HASH:-"$(git rev-parse HEAD)"}
 

build.sh

@@ -146,10 +146,10 @@ done
 export PI_GEN=${PI_GEN:-pi-gen}
 export PI_GEN_REPO=${PI_GEN_REPO:-https://github.com/RPi-Distro/pi-gen}
 
-if [ -z "${IMG_NAME}" ]; then
-	echo "IMG_NAME not set" 1>&2
-	exit 1
-fi
+export IMG_NAME="${IMG_NAME:-RasbianBurrow}"
+export RUDEFOX_REPO_USERNAME="${RUDEFOX_REPO_USERNAME:-anonymous}"
+export RUDEFOX_REPO_PASSWORD="${RUDEFOX_REPO_PASSWORD:-default}"
+export RUDEFOX_BURROW_VERSION="${RUDEFOX_BURROW_VERSION:-latest}"
 
 export USE_QEMU="${USE_QEMU:-0}"
 export IMG_DATE="${IMG_DATE:-"$(date +%Y-%m-%d)"}"
@@ -162,19 +162,20 @@ export DEPLOY_DIR=${DEPLOY_DIR:-"${BASE_DIR}/deploy"}
 export DEPLOY_ZIP="${DEPLOY_ZIP:-1}"
 export LOG_FILE="${WORK_DIR}/build.log"
 
-export TARGET_HOSTNAME=${TARGET_HOSTNAME:-raspberrypi}
+export TARGET_HOSTNAME=${TARGET_HOSTNAME:-burrow}
 
-export FIRST_USER_NAME=${FIRST_USER_NAME:-pi}
-export FIRST_USER_PASS=${FIRST_USER_PASS:-raspberry}
+export FIRST_USER_NAME=${FIRST_USER_NAME:-rudefox}
+export FIRST_USER_PASS=${FIRST_USER_PASS:-burrow}
 export RELEASE=${RELEASE:-buster}
 export WPA_ESSID
 export WPA_PASSWORD
 export WPA_COUNTRY
 export ENABLE_SSH="${ENABLE_SSH:-0}"
 
-export LOCALE_DEFAULT="${LOCALE_DEFAULT:-en_GB.UTF-8}"
+export LOCALE_DEFAULT="${LOCALE_DEFAULT:-en_US.UTF-8}"
 
-export KEYBOARD_KEYMAP="${KEYBOARD_KEYMAP:-gb}"
+export KEYBOARD_MODEL="${KEYBOARD_MODEL:-Generic 101-key PC}"
+export KEYBOARD_KEYMAP="${KEYBOARD_KEYMAP:-us}"
 export KEYBOARD_LAYOUT="${KEYBOARD_LAYOUT:-English (UK)}"
 
 export TIMEZONE_DEFAULT="${TIMEZONE_DEFAULT:-Europe/London}"
@@ -229,7 +230,7 @@ fi
 mkdir -p "${WORK_DIR}"
 log "Begin ${BASE_DIR}"
 
-STAGE_LIST=${STAGE_LIST:-${BASE_DIR}/stage*}
+STAGE_LIST=${STAGE_LIST:-${BASE_DIR}/stage[0-2]}
 
 for STAGE_DIR in $STAGE_LIST; do
 	STAGE_DIR=$(realpath "${STAGE_DIR}")

stage2/01-sys-tweaks/00-packages

@@ -1,4 +1,4 @@
-ssh less fbset sudo psmisc strace ed ncdu crda
+less fbset sudo psmisc strace ed ncdu crda vim
 console-setup keyboard-configuration debconf-utils parted unzip
 build-essential manpages-dev python bash-completion gdb pkg-config
 python-rpi.gpio v4l-utils
@@ -6,26 +6,20 @@ avahi-daemon
 lua5.1
 luajit
 hardlink ca-certificates curl
-fake-hwclock nfs-common usbutils
+fake-hwclock usbutils
 libraspberrypi-dev libraspberrypi-doc libfreetype6-dev
 dosfstools
 dphys-swapfile
 raspberrypi-sys-mods
-pi-bluetooth
 apt-listchanges
 usb-modeswitch
 libpam-chksshpwd
 rpi-update
 libmtp-runtime
-rsync
-htop
 man-db
 policykit-1
-ssh-import-id
 rng-tools
-ethtool
 vl805fw
-ntfs-3g
 pciutils
 rpi-eeprom
 raspinfo

stage2/01-sys-tweaks/00-packages-nr

@@ -1 +0,0 @@
-cifs-utils

stage2/01-sys-tweaks/01-run.sh

@@ -13,14 +13,7 @@ install -m 755 files/rc.local		"${ROOTFS_DIR}/etc/"
 
 on_chroot << EOF
 systemctl disable hwclock.sh
-systemctl disable nfs-common
 systemctl disable rpcbind
-if [ "${ENABLE_SSH}" == "1" ]; then
-	systemctl enable ssh
-else
-	systemctl disable ssh
-fi
-systemctl enable regenerate_ssh_host_keys
 EOF
 
 if [ "${USE_QEMU}" = "1" ]; then
@@ -53,4 +46,3 @@ on_chroot << EOF
 usermod --pass='*' root
 EOF
 
-rm -f "${ROOTFS_DIR}/etc/ssh/"ssh_host_*_key*

stage2/02-net-tweaks/00-packages

@@ -1,4 +0,0 @@
-wpasupplicant wireless-tools firmware-atheros firmware-brcm80211 firmware-libertas firmware-misc-nonfree firmware-realtek
-raspberrypi-net-mods
-dhcpcd5
-net-tools

stage2/02-net-tweaks/01-run.sh

@@ -1,31 +0,0 @@
-#!/bin/bash -e
-
-install -v -d					"${ROOTFS_DIR}/etc/systemd/system/dhcpcd.service.d"
-install -v -m 644 files/wait.conf		"${ROOTFS_DIR}/etc/systemd/system/dhcpcd.service.d/"
-
-install -v -d					"${ROOTFS_DIR}/etc/wpa_supplicant"
-install -v -m 600 files/wpa_supplicant.conf	"${ROOTFS_DIR}/etc/wpa_supplicant/"
-
-if [ -v WPA_COUNTRY ]; then
-	echo "country=${WPA_COUNTRY}" >> "${ROOTFS_DIR}/etc/wpa_supplicant/wpa_supplicant.conf"
-fi
-
-if [ -v WPA_ESSID ] && [ -v WPA_PASSWORD ]; then
-on_chroot <<EOF
-set -o pipefail
-wpa_passphrase "${WPA_ESSID}" "${WPA_PASSWORD}" | tee -a "/etc/wpa_supplicant/wpa_supplicant.conf"
-EOF
-elif [ -v WPA_ESSID ]; then
-cat >> "${ROOTFS_DIR}/etc/wpa_supplicant/wpa_supplicant.conf" << EOL
-
-network={
-	ssid="${WPA_ESSID}"
-	key_mgmt=NONE
-}
-EOL
-fi
-
-# Disable wifi on 5GHz models
-mkdir -p "${ROOTFS_DIR}/var/lib/systemd/rfkill/"
-echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-3f300000.mmcnr:wlan"
-echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-fe300000.mmcnr:wlan"

stage2/02-net-tweaks/files/wait.conf

@@ -1,3 +0,0 @@
-[Service]
-ExecStart=
-ExecStart=/usr/lib/dhcpcd5/dhcpcd -q -w

stage2/02-net-tweaks/files/wpa_supplicant.conf

@@ -1,2 +0,0 @@
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
-update_config=1

stage2/04-rudefox-burrow/00-packages

@@ -0,0 +1 @@
+openjdk-8-jre-headless

stage2/04-rudefox-burrow/01-run.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+export RUDEFOX_REPO_BASE_URL="https://repo.rudefox.io"
+export RUDEFOX_REPO_RELEASES="maven-releases"
+export RUDEFOX_GROUP="io.rudefox"
+export RUDEFOX_BURROW_ID="burrow"
+export OUTFILE="burrow.tar"
+
+
+export WGET_OPTS="--https-only -O ${OUTFILE} -v"
+export WGET_URL="${RUDEFOX_REPO_BASE_URL}/service/rest/v1/search/assets/download?group=${RUDEFOX_GROUP}&name=${RUDEFOX_BURROW_ID}&maven.extension=tar"
+
+
+if [ $RUDEFOX_BURROW_VERSION != "latest" ]
+then
+    export WGET_URL="${WGET_URL}&maven.baseVersion=${RUDEFOX_BURROW_VERSION}"
+else
+    export WGET_URL="${WGET_URL}&sort=version"
+fi
+
+
+if [ $RUDEFOX_REPO_USERNAME != "anonymous" ]
+then
+    export ENCODED_USERNAME=$(echo -n $RUDEFOX_REPO_USERNAME | base64 | sed 's/+/-/g; s/\//_/g; s/=/%3D/g';)
+    export ENCODED_PASSWORD=$(echo -n $RUDEFOX_REPO_PASSWORD | base64 | sed 's/+/-/g; s/\//_/g; s/=/%3D/g';)
+    export POST_DATA="username=${ENCODED_USERNAME}&password=${ENCODED_PASSWORD}"
+
+    wget --save-cookies cookies.txt --keep-session-cookies --post-data $POST_DATA "${RUDEFOX_REPO_BASE_URL}/service/rapture/session"
+
+    wget --load-cookies cookies.txt $WGET_OPTS $WGET_URL
+
+    rm cookies.txt
+else
+    wget $WGET_OPTS "${WGET_URL}&repository=${RUDEFOX_REPO_RELEASES}"
+fi
+

stage2/04-rudefox-burrow/02-run.sh

@@ -0,0 +1,10 @@
+#!/bin/bash -e
+
+mkdir -p "${ROOTFS_DIR}/opt/"
+rm -rf "${ROOTFS_DIR}/opt/rudefox-burrow"
+tar -C "${ROOTFS_DIR}/opt/" -xvf burrow.tar
+mv "${ROOTFS_DIR}/opt/burrow-"* "${ROOTFS_DIR}/opt/rudefox-burrow"
+
+on_chroot <<EOF
+ln -fs /opt/rudefox-burrow/bin/burrow /usr/bin/burrow
+EOF

stage2/04-rudefox-burrow/03-run.sh

@@ -0,0 +1,5 @@
+#!/bin/bash -e
+
+echo "" >>  "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
+echo ". <(burrow generate-completion)" >>  "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
+

stage2/04-rudefox-burrow/04-run.sh

@@ -0,0 +1,5 @@
+#!/bin/bash -e
+
+echo "" >>  "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
+echo "unset HISTFILE" >>  "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
+

stage2/05-autologin/00-run.sh

@@ -0,0 +1,15 @@
+#!/bin/bash -e
+
+on_chroot << ENDCHROOT
+
+systemctl set-default multi-user.target
+
+ln -fs /lib/systemd/system/getty@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
+
+cat > /etc/systemd/system/getty@tty1.service.d/autologin.conf << EOF
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty --autologin ${FIRST_USER_NAME} --noclear %I \\\$TERM
+EOF
+
+ENDCHROOT

stage2/06-rudefox-motd/00-packages

@@ -0,0 +1 @@
+toilet figlet

stage2/06-rudefox-motd/01-run.sh

@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+rm -rf "${ROOTFS_DIR}/etc/motd"
+rm -rf "${ROOTFS_DIR}/etc/update-motd.d/"*
+install -m 755 files/*  "${ROOTFS_DIR}/etc/update-motd.d/"
+
+echo "" >>  "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"
+echo "PS1=\"\[\e[31m\]Burrow>\[\e[m\] \"" >>  "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.bashrc"

stage2/06-rudefox-motd/files/10-rudefox-header

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+THIS_SCRIPT="header"
+MOTD_DISABLE=""
+
+toilet -f standard -F metal Burrow
+
+printf '\nWelcome to RudeFox Burrow!\n'
+printf '\n'

stage2/06-rudefox-motd/files/30-rudefox-instructions

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+echo ""
+echo   "======================================================="
+echo   "===    TYPE:                                        "
+echo   "===      burrow mnemonic -i8b 256                   "
+echo   "===                                                 "
+echo   "===    to generate a new 24-word seed               "             
+echo   "======================================================="
+echo ""
+echo ""

stage2/07-enable-overlayfs/00-run.sh

@@ -0,0 +1,12 @@
+#!/bin/bash -e
+
+install -d "${ROOTFS_DIR}/etc/systemd/system/enable-overlayfs.target.wants"
+install -m 644 files/enable-overlayfs.service "${ROOTFS_DIR}/etc/systemd/system/"
+install -m 644 files/enable-overlayfs.target "${ROOTFS_DIR}/etc/systemd/system/"
+install -m 755 files/enable_overlayfs.sh "${ROOTFS_DIR}/usr/bin/"
+
+on_chroot << EOF
+ln -sf /etc/systemd/system/enable-overlayfs.service /etc/systemd/system/enable-overlayfs.target.wants/enable-overlayfs.service
+systemctl daemon-reload
+systemctl set-default enable-overlayfs.target
+EOF

stage2/07-enable-overlayfs/files/enable-overlayfs.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Enable Overlay Filesystem
+After=multi-user.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/enable_overlayfs.sh
+
+[Install]
+WantedBy=enable-overlayfs.target

stage2/07-enable-overlayfs/files/enable-overlayfs.target

@@ -0,0 +1,5 @@
+[Unit]
+Description=Enable Overlay Filesystem Target
+Requires=multi-user.target
+After=multi-user.target
+AllowIsolate=yes

stage2/07-enable-overlayfs/files/enable_overlayfs.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/bin/raspi-config nonint do_overlayfs 0
+systemctl set-default multi-user.target
+reboot