freedombone/src/freedombone-image-customise

#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Based on bin/freedombox-customize from freedom-maker
#
# License
# =======
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
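# Abort on the first failing command and trace every command to stderr.
# NOTE(review): while tracing is on, any command that expands $MY_PASSWORD
# is echoed into the build output unless tracing is suspended around it.
set -e
set -x

PROJECT_NAME='freedombone'

# Initial login account created inside the image.
# NOTE(review): MY_PASSWORD is a fixed value published with this script, so
# every image built from it starts with the same credentials until the owner
# changes them.
MY_USERNAME='debian'
MY_PASSWORD='freedombone'

# IP address of the router (gateway)
ROUTER_IP_ADDRESS="192.168.1.254"

# The fixed IP address of the Beaglebone Black on your local network
BOX_IP_ADDRESS="192.168.1.55"

# DNS
NAMESERVER1='213.73.91.35'
NAMESERVER2='85.214.20.141'

# optional configuration file containing freedombone settings
CONFIG_FILENAME=

# Optional ssh public key to allow; the literal "no" means none was given,
# in which case configure_ssh leaves password logins as they are.
SSH_PUBKEY="no"

# Whether this is a generic image for mass redistribution on the interwebs
GENERIC_IMAGE="no"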
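#######################################
# Install eatmydata inside the image and point apt at a wrapper that runs
# dpkg under it for the duration of the build.
# Globals:   rootdir (read) - root of the image tree
# Outputs:   progress messages on stdout, the error message on stderr
# Returns:   0 when eatmydata is missing or the override already exists
#            (neither stops the build), else the status of the last write
#######################################
enable_eatmydata_override() {
  local apt_conf="$rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata"
  local wrapper="$rootdir/var/tmp/dpkg-eatmydata"

  chroot "$rootdir" apt-get install --no-install-recommends -y eatmydata

  # Report a missing binary and an already-present override separately; a
  # single combined test blamed the binary in both cases.
  if [ ! -x "$rootdir/usr/bin/eatmydata" ]; then
    echo "error: unable to find /usr/bin/eatmydata after installing the eatmydata package" >&2
    return 0
  fi
  if [ -f "$apt_conf" ]; then
    echo "info: apt is already configured to call dpkg via eatmydata"
    return 0
  fi

  echo "info: Adding apt config to call dpkg via eatmydata"
  # The wrapper is placed in the image's /var/tmp and apt is told to run it
  # in place of dpkg. disable_eatmydata_override removes both files again.
  printf '%s\n' '#!/bin/sh' 'exec eatmydata dpkg "$@"' > "$wrapper"
  chmod 755 "$wrapper"
  printf '%s\n' 'Dir::Bin::dpkg "/var/tmp/dpkg-eatmydata";' > "$apt_conf"
}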
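#######################################
# Remove the apt override and the dpkg wrapper that
# enable_eatmydata_override placed in the image.
# Globals:   rootdir (read) - root of the image tree
# Outputs:   one info line per file, plus a warning for each missing file
# Returns:   status of the final sync
#######################################
disable_eatmydata_override() {
  local override
  for override in \
    /etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata \
    /var/tmp/dpkg-eatmydata; do
    echo "info: Removing apt config to call dpkg via eatmydata"
    # Quoted so a root path containing spaces is still one argument; left
    # unquoted, the test failed and the file stayed behind in the image.
    if [ -f "$rootdir$override" ]; then
      rm -f -- "$rootdir$override"
    else
      echo "warning: missing $rootdir$override"
    fi
  done
  sync # Flush file buffers before continuing
}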
#######################################
# Rewrite etc/apt/sources.list, relative to the current directory, so that
# it points at one mirror.
# Globals:   SUITE (read); NEW_MIRROR and COMPONENTS (written)
# Arguments: $1 - mirror URL
# NOTE(review): the security.debian.org entries are written commented out,
# so the resulting list carries no security-updates source.
#######################################
set_apt_sources() {
  NEW_MIRROR="$1"
  COMPONENTS="main"
  {
    printf 'deb %s %s %s\n' "$NEW_MIRROR" "$SUITE" "$COMPONENTS"
    printf 'deb-src %s %s %s\n' "$NEW_MIRROR" "$SUITE" "$COMPONENTS"
    printf '#deb http://security.debian.org/ %s/updates main\n' "$SUITE"
    printf '#deb-src http://security.debian.org/ %s/updates main\n' "$SUITE"
  } > etc/apt/sources.list
}
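#######################################
# Write the image's static network configuration, give eth0 a random MAC
# address, set the resolver entries and install the first-boot motd.
# Globals:   rootdir, BOX_IP_ADDRESS, ROUTER_IP_ADDRESS, NAMESERVER1,
#            NAMESERVER2 (all read)
# Outputs:   writes etc/network/interfaces, etc/resolv.conf and etc/motd
#            under $rootdir
#######################################
configure_networking() {
  local interfaces="$rootdir/etc/network/interfaces"
  local resolv="$rootdir/etc/resolv.conf"
  local -a hexarray=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )
  local a b c d e

  echo "# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address $BOX_IP_ADDRESS
netmask 255.255.255.0
gateway $ROUTER_IP_ADDRESS
dns-nameservers $NAMESERVER1 $NAMESERVER2
# Example to keep MAC address between reboots
#hwaddress ether B5:A2:BE:3F:1A:FE
# The secondary network interface
#auto eth1
#iface eth1 inet dhcp
# WiFi Example
#auto wlan0
#iface wlan0 inet dhcp
# wpa-ssid \"essid\"
# wpa-psk \"password\"
# Ethernet/RNDIS gadget (g_ether)
# ... or on host side, usbnet and random hwaddr
# Note on some boards, usb0 is automaticly setup with an init script
#iface usb0 inet static
# address 192.168.7.2
# netmask 255.255.255.0
# network 192.168.7.0
# gateway 192.168.7.1" > "$interfaces"

  # Five random octets behind a fixed "de" first octet (locally administered,
  # unicast). $RANDOM is not a cryptographic source; it only has to make
  # images differ from one another.
  a=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
  b=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
  c=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
  d=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
  e=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
  sed -i "s|#hwaddress ether.*|hwaddress ether de:$a:$b:$c:$d:$e|g" \
    "$interfaces"

  # NOTE(review): every existing nameserver line is rewritten and then gets
  # the second server appended, so a resolv.conf with several entries ends up
  # with repeated pairs, and one with no nameserver line is left unchanged.
  sed -i "s/nameserver.*/nameserver $NAMESERVER1/g" "$resolv"
  sed -i "/nameserver $NAMESERVER1/a\nameserver $NAMESERVER2" "$resolv"

  # change the motd to show further install instructions
  echo "
.---. . .
| | |
|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
| | (.-' (.-' ( | ( )| | | | )( )| | (.-'
' ' --' --' -' - -' ' ' -' -' -' ' - --'
Initial base install
Your system is not yet installed. To complete the process run the
following commands, then enter your details.
sudo su
freedombone menuconfig
" > "$rootdir/etc/motd"
}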
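#######################################
# Force one sshd_config keyword to a value, uncommenting it if necessary.
# Arguments: $1 - path to sshd_config, $2 - keyword, $3 - value
# An unanchored "s/Keyword.*/Keyword value/" keeps a leading '#', so a
# directive that ships commented out would stay inactive. If no active line
# results, one is appended (NOTE(review): an appended line would fall inside
# a trailing Match block, if the file ends with one).
#######################################
_sshd_set_option() {
  local config=$1 keyword=$2 value=$3
  sed -i "s|^[#[:space:]]*${keyword}[[:space:]].*|${keyword} ${value}|" "$config"
  if ! grep -q "^${keyword} ${value}\$" "$config"; then
    printf '%s %s\n' "$keyword" "$value" >> "$config"
  fi
}

#######################################
# Move sshd to port 2222 and, when a public key was supplied, install it for
# the initial user and switch password logins off.
# Globals:   rootdir, MY_USERNAME, SSH_PUBKEY (all read)
# Outputs:   the installed public key and a confirmation line
# NOTE(review): with SSH_PUBKEY left at "no", PasswordAuthentication is not
# touched here.
#######################################
configure_ssh() {
  local sshd_config="$rootdir/etc/ssh/sshd_config"
  local ssh_dir="$rootdir/home/$MY_USERNAME/.ssh"

  _sshd_set_option "$sshd_config" Port 2222

  if [[ "$SSH_PUBKEY" != "no" ]]; then
    if [ ! -d "$ssh_dir" ]; then
      mkdir "$ssh_dir"
    fi
    # Owner-only permissions instead of whatever the build umask yields.
    chmod 700 "$ssh_dir"
    printf '%s\n' "$SSH_PUBKEY" > "$ssh_dir/authorized_keys"
    chmod 600 "$ssh_dir/authorized_keys"
    chroot "$rootdir" chown -R "$MY_USERNAME:$MY_USERNAME" "/home/$MY_USERNAME/.ssh"

    _sshd_set_option "$sshd_config" PasswordAuthentication no

    echo "Using ssh public key:"
    printf '%s\n' "$SSH_PUBKEY"
    echo 'Password ssh authentication turned off'
  fi
}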
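#######################################
# Grant the initial user full sudo rights in the image's sudoers file.
# Globals:   rootdir, MY_USERNAME (read)
# The rule is added only if that exact line is not already present, so a
# repeated run does not stack duplicates.
# NOTE(review): the file is edited in place with no syntax check; running
# "visudo -c" against it after the write would catch a broken sudoers.
#######################################
admin_user_sudo() {
  local sudoers="$rootdir/etc/sudoers"
  local rule="$MY_USERNAME ALL=(ALL) ALL"

  if ! grep -qxF -- "$rule" "$sudoers" 2>/dev/null; then
    printf '%s\n' "$rule" >> "$sudoers"
  fi
}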
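#######################################
# Prepare a generic (redistributable) image: drop any configuration file and
# make the first login of the initial user prompt for a new password.
# Globals:   GENERIC_IMAGE, MY_USERNAME, rootdir (read);
#            CONFIG_FILENAME (cleared)
# Returns:   immediately, changing nothing, when GENERIC_IMAGE is "no"
#######################################
create_generic_image() {
  if [[ $GENERIC_IMAGE == "no" ]]; then
    return
  fi

  local user_home="$rootdir/home/$MY_USERNAME"

  # Don't install any configuration. This will be a base system
  CONFIG_FILENAME=

  # The presence of this file indicates that the initial
  # setup has not yet been completed
  touch "$user_home/.initial_setup"

  # Append to the .bashrc inside the image. Without the $rootdir prefix the
  # snippet landed in the build host's /home, and the image shipped with no
  # prompt to change its well known password.
  # NOTE(review): in the snippet "sudo su" starts an interactive root shell,
  # so the menuconfig line after it runs only once that shell exits, and the
  # marker is removed even if passwd was aborted. Confirm that is intended.
  cat >> "$user_home/.bashrc" <<'EOF'
if [ -f ~/.initial_setup ]; then
clear
echo '>>> Freedombone system initial setup <<<'
echo ''
echo 'The first thing you need to do is to change your password, otherwise'
echo 'your system will be insecure. Your password should be at least 10'
echo 'characters long and contain letters and numbers. Do this now:'
passwd
sudo su
freedombone menuconfig
rm ~/.initial_setup
fi
EOF
}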
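#######################################
# If a configuration file was supplied, copy it into the image and run the
# project installer against it; otherwise leave the image for the
# interactive installer. This is equivalent to installing freedombox-setup
# on freedombox.
# Globals:   CONFIG_FILENAME, PROJECT_NAME, rootdir (read)
# NOTE(review): the copy stays in the image as /root/$PROJECT_NAME.cfg. If
# the file carries credentials, confirm the installer removes it afterwards.
#######################################
continue_installation() {
  # Quoted tests: an unquoted path with a space made "[" fail and the
  # configuration was skipped. Names of two characters or fewer are still
  # treated as "no file".
  if [ -n "$CONFIG_FILENAME" ] && [ "${#CONFIG_FILENAME}" -gt 2 ]; then
    cp -- "$CONFIG_FILENAME" "$rootdir/root/$PROJECT_NAME.cfg"
    chroot "$rootdir" "$PROJECT_NAME" -c "/root/$PROJECT_NAME.cfg"
  fi
}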
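# Set to true/false to control if eatmydata is used during build
use_eatmydata=true

# $1 is the root of the image tree, $2 the image file relative to the
# starting directory. Stop if no root was given: every path below is built
# as "$rootdir/...", which would otherwise resolve on the build host itself.
rootdir="${1:?usage: freedombone-image-customise ROOTDIR IMAGE}"
fmdir="$(pwd)"
image="$fmdir"/"$2"

cd "$rootdir"

echo "info: building $MACHINE for $ARCHITECTURE"

export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
export LC_ALL=C LANGUAGE=C LANG=C

# Override libpam-tmpdir setting during build, as the directories
# are not created yet.
export TMP=/tmp/ TMPDIR=/tmp/

username=$MY_USERNAME
echo "warning: creating initial user $username with well known password!"
password=$MY_PASSWORD

chroot "$rootdir" adduser --gecos "$username" --disabled-password "$username"
# Suspend command tracing for this one pipeline so the username:password
# pair is not copied into the build output, then switch it back on.
{ set +x; } 2>/dev/null
printf '%s:%s\n' "$username" "$password" | chroot "$rootdir" /usr/sbin/chpasswd
set -x
chroot "$rootdir" adduser "$username" sudo

case "$MACHINE" in
  virtualbox | qemu)
    # hide irrelevant console keyboard messages.
    # Written to the image's rc.local; the bare /etc path used before
    # appended this line to the build host's own init script.
    echo "echo \"4 4 1 7\" > /proc/sys/kernel/printk" \
      >> "$rootdir/etc/init.d/rc.local"
    ;;
esac

set_apt_sources "$BUILD_MIRROR"
chroot "$rootdir" apt-get update

# Keep package maintainer scripts from starting services inside the chroot
# while packages are installed (removed again further down).
cat > "$rootdir/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
exit 101
EOF
chmod a+rx "$rootdir/usr/sbin/policy-rc.d"

if $use_eatmydata ; then
  enable_eatmydata_override
fi

if [ -n "$CUSTOM_SETUP" ]; then
  cp "$CUSTOM_SETUP" "$rootdir"/tmp
  chroot "$rootdir" apt-get install -y gdebi-core
  chroot "$rootdir" gdebi -n /tmp/"$(basename "$CUSTOM_SETUP")"
fi

chroot "$rootdir" apt-get install -y git dialog build-essential openssh-server

# NOTE(review): this clones whatever the default branch holds at build time
# and runs "make install" as root in the image, with no pinned commit or
# signature check. Building from a reviewed, fixed revision would make the
# image reproducible and keep an unexpected upstream change out of it.
chroot "$rootdir" /bin/bash -x <<EOF
git clone https://github.com/bashrc/freedombone /root/freedombone
cd /root/freedombone
make install
EOF

# NOTE(review): pipefail is not set, so the status of the two pipelines
# below is tee's; a failing setup step does not stop the build under set -e.
chroot "$rootdir" freedombone-image-hardware-setup 2>&1 | \
  tee "$rootdir/var/log/freedombone-image-hardware-setup.log"

rm "$rootdir/usr/sbin/policy-rc.d"

chroot "$rootdir" /usr/lib/freedombone/setup 2>&1 | \
  tee "$rootdir/var/log/freedombone-setup.log"

# Remove SSH keys from the image so that copies of it do not share one host
# identity.
# NOTE(review): nothing in this script regenerates them; confirm the image
# creates fresh host keys on first boot.
rm -f -- "$rootdir"/etc/ssh/ssh_host_* || true

if [[ "$MACHINE" != "beaglebone" ]]; then
  chroot "$rootdir" apt-get -y install haveged
else
  chroot "$rootdir" apt-get -y install rng-tools
  sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' \
    "$rootdir/etc/default/rng-tools"
fi

# copy u-boot to beginning of image
case "$MACHINE" in
  beaglebone)
    dd if="$rootdir/usr/lib/u-boot/am335x_boneblack/MLO" of="$image" \
      count=1 seek=1 conv=notrunc bs=128k
    dd if="$rootdir/usr/lib/u-boot/am335x_boneblack/u-boot.img" of="$image" \
      count=2 seek=1 conv=notrunc bs=384k
    ;;
  cubieboard2)
    dd if="$rootdir/usr/lib/u-boot/Cubieboard2/u-boot-sunxi-with-spl.bin" of="$image" \
      seek=8 conv=notrunc bs=1k
    ;;
esac

if $use_eatmydata ; then
  disable_eatmydata_override
fi

set_apt_sources "$MIRROR"
chroot "$rootdir" apt-get update

configure_ssh
configure_networking
admin_user_sudo
create_generic_image
continue_installation

cd /

echo "info: killing leftover processes in chroot"
# 2014-11-04 this killed /usr/lib/erlang/erts-6.2/bin/epmd, see
# <URL: https://www.ejabberd.im/epmd?q=epmd > to learn more.
# NOTE(review): "fuser -m" selects every process using the filesystem that
# holds the path, so this assumes $rootdir is a mount of its own. On a plain
# directory it would signal processes of the build host as well.
fuser -mvk "$rootdir/." || true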