#!/bin/bash # # .---. . . # | | | # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-' # ' ' --' --' -' - -' ' ' -' -' -' ' - --' # # Freedom in the Cloud # # Based on bin/freedombox-customize from freedom-maker # # License # ======= # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . set -e set -x PROJECT_NAME='freedombone' MY_USERNAME='debian' MY_PASSWORD='freedombone' # IP address of the router (gateway) ROUTER_IP_ADDRESS="192.168.1.254" # The fixed IP address of the Beaglebone Black on your local network BOX_IP_ADDRESS="192.168.1.55" # DNS NAMESERVER1='213.73.91.35' NAMESERVER2='85.214.20.141' # optional configuration file containing freedombone settings CONFIG_FILENAME= # Optional ssh public key to allow SSH_PUBKEY="no" # Whether this is a generic image for mass redistribution on the interwebs GENERIC_IMAGE="no" enable_eatmydata_override() { chroot $rootdir apt-get install --no-install-recommends -y eatmydata if [ -x $rootdir/usr/bin/eatmydata ] && \ [ ! -f $rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata ]; then echo "info: Adding apt config to call dpkg via eatmydata" printf "#!/bin/sh\nexec eatmydata dpkg \"\$@\"\n" \ > $rootdir/var/tmp/dpkg-eatmydata chmod 755 $rootdir/var/tmp/dpkg-eatmydata cat > $rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata < etc/apt/sources.list deb $NEW_MIRROR $SUITE $COMPONENTS deb-src $NEW_MIRROR $SUITE $COMPONENTS #deb http://security.debian.org/ $SUITE/updates main #deb-src http://security.debian.org/ $SUITE/updates main EOF } configure_networking() { echo "# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address $BOX_IP_ADDRESS netmask 255.255.255.0 gateway $ROUTER_IP_ADDRESS dns-nameservers $NAMESERVER1 $NAMESERVER2 # Example to keep MAC address between reboots #hwaddress ether B5:A2:BE:3F:1A:FE # The secondary network interface #auto eth1 #iface eth1 inet dhcp # WiFi Example #auto wlan0 #iface wlan0 inet dhcp # wpa-ssid \"essid\" # wpa-psk \"password\" # Ethernet/RNDIS gadget (g_ether) # ... or on host side, usbnet and random hwaddr # Note on some boards, usb0 is automaticly setup with an init script #iface usb0 inet static # address 192.168.7.2 # netmask 255.255.255.0 # network 192.168.7.0 # gateway 192.168.7.1" > $rootdir/etc/network/interfaces hexarray=( 1 2 3 4 5 6 7 8 9 0 a b c d e f ) a=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]} b=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]} c=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]} d=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]} e=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]} sed -i "s|#hwaddress ether.*|hwaddress ether de:$a:$b:$c:$d:$e|g" \ $rootdir/etc/network/interfaces sed -i "s/nameserver.*/nameserver $NAMESERVER1/g" $rootdir/etc/resolv.conf sed -i "/nameserver $NAMESERVER1/a\nameserver $NAMESERVER2" $rootdir/etc/resolv.conf # change the motd to show further install instructions echo " .---. . . | | | |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. | | (.-' (.-' ( | ( )| | | | )( )| | (.-' ' ' --' --' -' - -' ' ' -' -' -' ' - --' Initial base install Your system is not yet installed. To complete the process run the following commands, then enter your details. sudo su freedombone menuconfig " > $rootdir/etc/motd } configure_ssh() { sed -i "s/Port .*/Port 2222/g" $rootdir/etc/ssh/sshd_config if [[ "$SSH_PUBKEY" != "no" ]]; then if [ ! -d $rootdir/home/$MY_USERNAME/.ssh ]; then mkdir $rootdir/home/$MY_USERNAME/.ssh fi echo "$SSH_PUBKEY" > $rootdir/home/$MY_USERNAME/.ssh/authorized_keys chroot $rootdir chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh sed -i 's|PasswordAuthentication.*|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config echo "Using ssh public key:" echo $SSH_PUBKEY echo 'Password ssh authentication turned off' fi } admin_user_sudo() { echo "$MY_USERNAME ALL=(ALL) ALL" >> $rootdir/etc/sudoers } create_generic_image() { if [[ $GENERIC_IMAGE == "no" ]]; then return fi # Don't install any configuration. This will be a base system CONFIG_FILENAME= # The presence of this file indicates that the initial # setup has not yet been completed touch $rootdir/home/$MY_USERNAME/.initial_setup cat >> /home/$MY_USERNAME/.bashrc <>> Freedombone system initial setup <<<' echo '' echo 'The first thing you need to do is to change your password, otherwise' echo 'your system will be insecure. Your password should be at least 10' echo 'characters long and contain letters and numbers. Do this now:' passwd sudo su freedombone menuconfig rm ~/.initial_setup fi EOF } continue_installation() { # If a configuration file exists then run with it # otherwise the interactive installer can be used # This is equivalent to installing freedombox-setup on freedombox if [ $CONFIG_FILENAME ]; then if [ ${#CONFIG_FILENAME} -gt 2 ]; then cp $CONFIG_FILENAME $rootdir/root/$PROJECT_NAME.cfg chroot $rootdir $PROJECT_NAME -c /root/$PROJECT_NAME.cfg fi fi } # Set to true/false to control if eatmydata is used during build use_eatmydata=true rootdir="$1" fmdir="$(pwd)" image="$fmdir"/"$2" cd "$rootdir" echo info: building $MACHINE for $ARCHITECTURE export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true export LC_ALL=C LANGUAGE=C LANG=C # Override libpam-tmpdir setting during build, as the directories # are not created yet. export TMP=/tmp/ TMPDIR=/tmp/ username=$MY_USERNAME echo "warning: creating initial user $username with well known password!" password=$MY_PASSWORD chroot "$rootdir" adduser --gecos $username --disabled-password $username echo $username:$password | chroot $rootdir /usr/sbin/chpasswd chroot "$rootdir" adduser $username sudo case "$MACHINE" in virtualbox) # hide irrelevant console keyboard messages. echo "echo \"4 4 1 7\" > /proc/sys/kernel/printk" \ >> /etc/init.d/rc.local ;; qemu) # hide irrelevant console keyboard messages. echo "echo \"4 4 1 7\" > /proc/sys/kernel/printk" \ >> /etc/init.d/rc.local ;; esac set_apt_sources $BUILD_MIRROR chroot "$rootdir" apt-get update cat > $rootdir/usr/sbin/policy-rc.d <&1 | \ tee $rootdir/var/log/freedombone-image-hardware-setup.log rm $rootdir/usr/sbin/policy-rc.d chroot "$rootdir" /usr/lib/freedombone/setup 2>&1 | \ tee $rootdir/var/log/freedombone-setup.log # Remove SSH keys from the image rm $rootdir/etc/ssh/ssh_host_* || true if [[ "$MACHINE" != "beaglebone" ]]; then chroot $rootdir apt-get -y install haveged else chroot $rootdir apt-get -y install rng-tools sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' $rootdir/etc/default/rng-tools fi # copy u-boot to beginning of image case "$MACHINE" in beaglebone) dd if=$rootdir/usr/lib/u-boot/am335x_boneblack/MLO of="$image" \ count=1 seek=1 conv=notrunc bs=128k dd if=$rootdir/usr/lib/u-boot/am335x_boneblack/u-boot.img of="$image" \ count=2 seek=1 conv=notrunc bs=384k ;; cubieboard2) dd if=$rootdir/usr/lib/u-boot/Cubieboard2/u-boot-sunxi-with-spl.bin of="$image" \ seek=8 conv=notrunc bs=1k ;; esac if $use_eatmydata ; then disable_eatmydata_override fi set_apt_sources $MIRROR chroot "$rootdir" apt-get update configure_ssh configure_networking admin_user_sudo create_generic_image continue_installation cd / echo "info: killing leftover processes in chroot" # 2014-11-04 this killed /usr/lib/erlang/erts-6.2/bin/epmd, see # to learn more. fuser -mvk $rootdir/. || true