#!/bin/bash # # .---. . . # | | | # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-' # ' ' --' --' -' - -' ' ' -' -' -' ' - --' # # Freedom in the Cloud # # Creates a debian image using vmdebootstrap # # To shut down after error: fuser -mvk /tmp/tmpdir/build # # License # ======= # # Copyright (C) 2015-2016 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . PROJECT_NAME='freedombone' export TEXTDOMAIN=${PROJECT_NAME}-image export TEXTDOMAINDIR="/usr/share/locale" PROJECT_REPO="https://github.com/bashrc/${PROJECT_NAME}" # recommended RAM for virtual machines VM_MEMORY='1G' VARIANT='full' # fixed username and password when the --generic option is used GENERIC_IMAGE_USERNAME='fbone' GENERIC_IMAGE_PASSWORD='freedombone' IMAGE_TYPE='beaglebone' CURR_DIR=$(pwd) CURR_USER=$(echo $USER) TEMPBUILD_DIR=~/.tmp_${PROJECT_NAME}_build VMDEBOOTSTRAP_REPO=git://git.liw.fi/vmdebootstrap VMDEBOOTSTRAP_VERSION=0.8 MAKEFILE=${PROJECT_NAME}-image-makefile IMAGE_SIZE=7.8G IMAGE_SIZE_SPECIFIED= IMAGE_NAME='full' USERNAME=$(echo $USER) PASSWORD= # IP address of the router (gateway) ROUTER_IP_ADDRESS="192.168.1.254" # The fixed IP address of the Beaglebone Black (or other SBC) on your local network BOX_IP_ADDRESS="192.168.1.55" # DNS NAMESERVER1='213.73.91.35' NAMESERVER2='85.214.20.141' # An optional freedombone configuration file CONFIG_FILENAME= DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local" # Minimum number of characters in a password MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}') # Optional ssh public key to allow SSH_PUBKEY="no" # interactive mode INTERACTIVE="no" # Whether this is a generic image for mass redistribution on the interwebs GENERIC_IMAGE="yes" # Whether to reduce the number of decisions during interactive install MINIMAL_INSTALL="yes" # default SSH port SSH_PORT=2222 # Whether sites are accessible only within a Tor browser ONION_ONLY="no" # Where to fetch packages #MIRROR='http://httpredir.debian.org/debian' MIRROR='http://ftp.de.debian.org/debian' # Whether to only install debian but nothing else DEBIAN_INSTALL_ONLY='no' # wifi settings WIFI_INTERFACE='wlan0' WIFI_SSID= WIFI_TYPE='wpa2-psk' WIFI_PASSPHRASE= WIFI_HOTSPOT='no' WIFI_NETWORKS_FILE=~/${PROJECT_NAME}-wifi.cfg # Whether to install non-free wifi drivers for the mesh client INSECURE='no' # for mesh installs whether to delete all data and generate # a new identity at every shutdown/boot AMNESIC='no' mesh_router_setup_script() { # create a setup script for a mesh router mesh_script_filename=$1 echo "MY_USERNAME=${USERNAME}" > $mesh_script_filename echo "DEFAULT_DOMAIN_NAME=${USERNAME}" >> $mesh_script_filename echo 'SYSTEM_TYPE=mesh' >> $mesh_script_filename echo 'INSTALLING_ON_BBB=no' >> $mesh_script_filename echo 'USB_DRIVE=/dev/sda1' >> $mesh_script_filename echo 'DDNS_PROVIDER=' >> $mesh_script_filename echo 'DDNS_USERNAME=' >> $mesh_script_filename echo 'DDNS_PASSWORD=' >> $mesh_script_filename echo 'DEFAULT_LANGUAGE=en_GB.UTF-8' >> $mesh_script_filename echo 'MY_EMAIL_ADDRESS=' >> $mesh_script_filename echo 'ENABLE_CJDNS=no' >> $mesh_script_filename echo 'ENABLE_BATMAN=yes' >> $mesh_script_filename echo 'ENABLE_BABEL=no' >> $mesh_script_filename echo 'DEBIAN_REPO=' >> $mesh_script_filename echo 'NAMESERVER1=' >> $mesh_script_filename echo 'NAMESERVER2=' >> $mesh_script_filename echo 'BATMAN_CELLID=any' >> $mesh_script_filename echo 'WIFI_CHANNEL=9' >> $mesh_script_filename } while [[ $# > 1 ]] do key="$1" case $key in -h|--help) show_help ;; -c|--config) shift CONFIG_FILENAME="$1" if [ ! -f $CONFIG_FILENAME ]; then echo $"Config file $CONFIG_FILENAME not found" exit 3 fi DEFAULT_DOMAIN_NAME=$(cat $CONFIG_FILENAME | grep 'DEFAULT_DOMAIN_NAME' | awk -F '=' '{print $2}') ;; -t|--target|--board) shift IMAGE_TYPE="$1" ;; -u|--user|--username) shift USERNAME="$1" ;; -p|--password) shift PASSWORD="$1" if [ ${#PASSWORD} -lt $MINIMUM_PASSWORD_LENGTH ]; then echo $"Your password chould contain at least ${MINIMUM_PASSWORD_LENGTH} characters" exit 3628 fi ;; --sshkey|--sshpubkey|--pubkey) shift SSH_PUBKEY="$1" ;; -s|--size) shift IMAGE_SIZE="$1" IMAGE_SIZE_SPECIFIED=1 ;; # Box static IP address on the LAN --ip) shift BOX_IP_ADDRESS="$1" ;; # Router IP address on the LAN --iprouter) shift ROUTER_IP_ADDRESS="$1" ;; # nameserver 1 --ns1|--nameserver1) shift NAMESERVER1="$1" ;; # nameserver 2 --ns2|--nameserver2) shift NAMESERVER2="$1" ;; -i|--interactive) shift INTERACTIVE="$1" ;; -g|--generic) shift GENERIC_IMAGE="$1" ;; --minimal) shift MINIMAL_INSTALL="$1" ;; --ssh|--sshport) shift SSH_PORT="$1" ;; -v|--variant) shift VARIANT="$1" ;; -o|--onion) shift ONION_ONLY="$1" ;; -a|--amnesic) shift AMNESIC="$1" ;; -r|--repo|--repository) shift PROJECT_REPO="$1" ;; -m|--mirror) shift MIRROR="$1" ;; --debianonly|--basic|--minimal) shift DEBIAN_INSTALL_ONLY="$1" ;; --interface|--if) shift WIFI_INTERFACE="$1" ;; --ssid|--essid) shift WIFI_SSID="$1" ;; --wifitype) shift WIFI_TYPE="$1" ;; --wifipass|--passphrase) shift WIFI_PASSPHRASE="$1" ;; --hotspot) shift if [[ $"$1" == $'yes' || $"$1" == $'y' ]]; then WIFI_HOTSPOT='yes' fi ;; --networks) shift WIFI_NETWORKS_FILE="$1" ;; --insecure) shift INSECURE="$1" ;; *) # unknown option ;; esac shift done if [[ $INTERACTIVE == "yes" || $INTERACTIVE == "y" || $INTERACTIVE == "Yes" ]]; then ${PROJECT_NAME}-config --minimal "$MINIMAL_INSTALL" if [ -f freedombone.cfg ]; then CONFIG_FILENAME=freedombone.cfg DEFAULT_DOMAIN_NAME=$(cat $CONFIG_FILENAME | grep 'DEFAULT_DOMAIN_NAME' | awk -F '=' '{print $2}') fi fi if [[ $GENERIC_IMAGE == "yes" ]]; then USERNAME=$GENERIC_IMAGE_USERNAME PASSWORD=$GENERIC_IMAGE_PASSWORD fi if [ ! $PASSWORD ]; then # generate a random password PASSWORD="$(openssl rand -base64 30 | cut -c1-${MINIMUM_PASSWORD_LENGTH})" fi # Move any existing images into a build subdirectory image_types=( xz img sig vdi qcow2 ) for im in "${image_types[@]}" do no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l) if (( no_of_files > 0 )); then if [ ! -d ${CURR_DIR}/build ]; then mkdir ${CURR_DIR}/build fi mv -f ${CURR_DIR}/${PROJECT_NAME}*.${im} ${CURR_DIR}/build fi done # Delete anything which didn't move for im in "${image_types[@]}" do no_of_files=$(ls -afq ${CURR_DIR}/${PROJECT_NAME}*.${im} | wc -l) if (( no_of_files > 0 )); then rm -f ${CURR_DIR}/${PROJECT_NAME}*.${im} fi done # Remove any existing login credentials file if [ -f ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt ]; then rm ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt fi if [ -d $TEMPBUILD_DIR ]; then rm -rf $TEMPBUILD_DIR fi mkdir -p $TEMPBUILD_DIR if [ -f /usr/local/bin/$MAKEFILE ]; then cp /usr/local/bin/$MAKEFILE $TEMPBUILD_DIR/Makefile else cp /usr/bin/$MAKEFILE $TEMPBUILD_DIR/Makefile fi cp -r /etc/${PROJECT_NAME}/* $TEMPBUILD_DIR rm -rf $TEMPBUILD_DIR/vendor chown -R $CURR_USER:$CURR_USER $TEMPBUILD_DIR cd $TEMPBUILD_DIR if [[ $MINIMAL_INSTALL == "yes" ]]; then IMAGE_NAME=$'min' fi if [[ $ONION_ONLY != "no" ]]; then IMAGE_NAME=$'onion' fi if [[ $VARIANT == 'mesh' ]]; then IMAGE_NAME=$'mesh' # typically not much disk space is needed for a mesh node if [ ! $IMAGE_SIZE_SPECIFIED ]; then IMAGE_SIZE=2G fi fi if [[ $VARIANT == 'meshclient' || $VARIANT == 'meshusb' ]]; then IMAGE_NAME=$'meshclient' if [[ $INSECURE != 'no' ]]; then IMAGE_NAME=$'meshclient-insecure' fi if [ ! $IMAGE_SIZE_SPECIFIED ]; then IMAGE_SIZE=7.8G fi fi if [[ $VARIANT == 'usb' ]]; then IMAGE_NAME=$'usb' fi # append amnesic to the image name if needed if [[ $AMNESIC != 'no' ]]; then IMAGE_NAME="${IMAGE_NAME}-amnesic" fi cd $TEMPBUILD_DIR make $IMAGE_TYPE \ MYUSERNAME="$USERNAME" \ MYPASSWORD="$PASSWORD" \ ROUTER_IP_ADDRESS="$ROUTER_IP_ADDRESS" \ BOX_IP_ADDRESS="$BOX_IP_ADDRESS" \ NAMESERVER1="$NAMESERVER1" \ NAMESERVER2="$NAMESERVER2" \ PROJECT_NAME="$PROJECT_NAME" \ CONFIG_FILENAME="$CONFIG_FILENAME" \ IMAGE_SIZE="$IMAGE_SIZE" \ SSH_PUBKEY="$SSH_PUBKEY" \ GENERIC_IMAGE="$GENERIC_IMAGE" \ MINIMAL_INSTALL="$MINIMAL_INSTALL" \ SSH_PORT="$SSH_PORT" \ ONION_ONLY="$ONION_ONLY" \ IMAGE_NAME="$IMAGE_NAME" \ PROJECT_REPO="$PROJECT_REPO" \ MIRROR="$MIRROR" \ BUILD_MIRROR="$MIRROR" \ DEBIAN_INSTALL_ONLY="$DEBIAN_INSTALL_ONLY" \ WIFI_INTERFACE="$WIFI_INTERFACE" \ WIFI_SSID="$WIFI_SSID" \ WIFI_TYPE="$WIFI_TYPE" \ WIFI_PASSPHRASE="$WIFI_PASSPHRASE" \ WIFI_HOTSPOT="$WIFI_HOTSPOT" \ WIFI_NETWORKS_FILE="$WIFI_NETWORKS_FILE" \ VARIANT="$VARIANT" \ MINIMUM_PASSWORD_LENGTH="$MINIMUM_PASSWORD_LENGTH" \ INSECURE="$INSECURE" \ AMNESIC="$AMNESIC" if [ ! "$?" = "0" ]; then echo $'Build failed' rm -rf $TEMPBUILD_DIR exit 1 fi EXPECTED_EXTENSION='xz' if [[ $IMAGE_TYPE == "qemu"* ]]; then EXPECTED_EXTENSION='qcow2' fi if [[ $IMAGE_TYPE == "virtualbox"* ]]; then EXPECTED_EXTENSION='vdi' fi shopt -s nullglob imgfiles=(build/${PROJECT_NAME}*.${EXPECTED_EXTENSION}) if [ ${#imgfiles[@]} -eq 0 ]; then echo $'Image was not created' rm -rf $TEMPBUILD_DIR exit 2 fi # Move images from temporary directory to the current directory for im in "${image_types[@]}" do no_of_files=$(ls -afq build/${PROJECT_NAME}*.${im} | wc -l) if (( no_of_files > 0 )); then mv build/${PROJECT_NAME}*.${im} ${CURR_DIR}/ sudo chown ${CURR_USER}:${CURR_USER} ${CURR_DIR}/*.${im} fi done # Remove the temporary directory rm -rf ${TEMPBUILD_DIR} cd ${CURR_DIR} clear if [[ $VARIANT != 'meshclient' && $VARIANT != 'meshusb' && $VARIANT != 'mesh' ]]; then echo $" Image was created. You will be able to log into it with: " if [[ $IMAGE_TYPE != "virtualbox"* && $IMAGE_TYPE != "qemu"* ]]; then echo $" ssh $USERNAME@$DEFAULT_DOMAIN_NAME -p $SSH_PORT Password: $PASSWORD " else if [[ $IMAGE_TYPE != "qemu"* ]]; then echo $" Username: $USERNAME Password: $PASSWORD " else if [[ $IMAGE_TYPE != "qemu-x86_64"* && $IMAGE_TYPE != "qemu-amd64"* ]]; then echo "qemu-system-i386 -m ${VM_MEMORY} $(ls ${PROJECT_NAME}*.qcow2)" else echo "qemu-system-x86_64 -m ${VM_MEMORY} $(ls ${PROJECT_NAME}*.qcow2)" fi echo $" Username: $USERNAME Password: $PASSWORD " fi fi else echo $" Image was created. " fi ls -lh ${PROJECT_NAME}*.img ${PROJECT_NAME}*.sig ${PROJECT_NAME}*.xz ${PROJECT_NAME}*.vdi ${PROJECT_NAME}*.qcow2 # Remove the mesh script after use if [[ $VARIANT == "mesh"* ]]; then rm -f $CONFIG_FILENAME fi # record the default login credentials for later use echo $"Username: $USERNAME Password: $PASSWORD" > ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt chmod 600 ${CURR_DIR}/${PROJECT_NAME}_login_credentials.txt if [[ $IMAGE_TYPE != "virtualbox"* && $IMAGE_TYPE != "qemu"* ]]; then echo '' if [[ $VARIANT != 'meshclient' && $VARIANT != 'meshusb' ]]; then echo $'You can copy the image to a microSD card with:' else echo $'You can copy the image to a USB drive with:' fi echo '' echo " unxz -k ${PROJECT_NAME}*.img.xz" echo " sudo dd bs=1M if=${PROJECT_NAME}*.img of=/dev/sdX conv=fdatasync" echo '' fi exit 0