Make sure busybox is installed

Add a 5 second timeout to DigitalOcean metadata fetching, e.g. to use this script with other VPS services.

README.md

@@ -17,8 +17,17 @@ important data.
 Installation
 ------------
 1. Create a new Debian 8.x droplet (either 32-bit or 64-bit is fine).
-2. In the droplet, run the following as root:
-        `wget https://raw.githubusercontent.com/gh2o/digitalocean-debian-to-arch/debian8/install.sh && bash install.sh`
+2. Run the script in the droplet as root:
+
+    2.1. The safe way:  
+    ```
+    wget https://raw.githubusercontent.com/lesderid/digitalocean-debian-to-arch/debian8/install.sh
+    less install.sh # Inspect the file to see if it downloaded correctly and doesn't contain malicious code  
+    bash install.sh
+    ```
+    
+    2.2. The unsafe, but faster way:  
+    `curl -s https://raw.githubusercontent.com/lesderid/digitalocean-debian-to-arch/debian8/install.sh | bash -`
 3. Follow the instructions when prompted.
 4. Sit back and relax! The system will automatically reboot once complete,
    and you should have a fully updated Arch Linux system in within minutes.
@@ -29,8 +38,7 @@ This script supports several flags, all of which are optional.
 
 * `--archlinux_mirror`  
   The Arch Linux mirror from which the bootstrap image and packages should be
-  downloaded. Defaults to the DigitalOcean mirror at
-  http://mirrors.digitalocean.com/archlinux.
+  downloaded. Defaults to http://mirrors.kernel.org/archlinux
 * `--kernel_package`  
   The kernel package to install. Defaults to the vanilla `linux` package.
   Other options include `linux-lts` for long term support and `linux-grsec` for
@@ -45,8 +53,10 @@ This script supports several flags, all of which are optional.
   as used by EFI). The alternative is `dos` (traditional MBR).
 * `--target_filesystem`  
   The filesystem on which the Arch Linux installation should be installed.
-  Defaults to `ext4`. The alternative is `btrfs`.
-  
+  Defaults to `btrfs`. The alternative is `ext4`.
+* `--no_digitalocean`  
+  Disables the parts of the script specific to DigitalOcean.
+
 How it Works
 ------------
 1. A sparse disk image is created with the same size of the droplet's disk.

install.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
-################################################################################
-### INSTRUCTIONS AT https://github.com/gh2o/digitalocean-debian-to-arch/     ###
-################################################################################
+####################################################################################
+### INSTRUCTIONS AT https://github.com/lesderid/digitalocean-debian-to-arch/     ###
+####################################################################################
 
 run_from_file() {
 	local f t
@@ -32,7 +32,7 @@ run_from_file() {
 ########################################
 
 # mirror from which to download archlinux packages
-archlinux_mirror="http://mirrors.digitalocean.com/archlinux"
+archlinux_mirror="http://mirrors.kernel.org/archlinux"
 
 # package to use as kernel (linux or linux-lts)
 kernel_package=linux
@@ -44,11 +44,17 @@ target_architecture="$(uname -m)"
 target_disklabel="gpt"
 
 # new filesystem type (ext4/btrfs)
-target_filesystem="ext4"
+target_filesystem="btrfs"
+
+# running on another VPS service (experimental)
+no_digitalocean=0
 
 # NOT EXPOSED NORMALLY: don't prompt
 continue_without_prompting=0
 
+# NOT EXPOSED NORMALLY: path to metadata service
+meta_base=http://169.254.169.254/metadata/v1/
+
 ########################################
 ### END OF CONFIGURATION             ###
 ########################################
@@ -85,6 +91,9 @@ host_packages=(
 arch_packages=(
 	grub
 	openssh
+	sudo
+	vim
+	git
 )
 
 gpt1_size_MiB=1
@@ -138,6 +147,12 @@ parse_flags() {
 					shift
 					break
 					;;
+				--no_digitalocean)
+					no_digitalocean=1
+					conf_key=option_acknowledged
+					shift
+					break
+					;;
 				--help)
 					print_help_and_exit
 					;;
@@ -275,6 +290,8 @@ build_parted_cmdline() {
 }
 
 setup_loop_device() {
+	modprobe loop
+	
 	local offset_MiB=$1
 	local size_MiB=$2
 	losetup --find --show --offset ${offset_MiB}MiB --size ${size_MiB}MiB /d2a/work/image
@@ -352,31 +369,34 @@ stage1_install() {
 	log "Formatting image ..."
 	local doroot_loop=$(setup_loop_device ${doroot_offset_MiB} ${doroot_size_MiB})
 	local archroot_loop=$(setup_loop_device ${archroot_offset_MiB} ${archroot_size_MiB})
-	mkfs.ext4 -L DOROOT ${doroot_loop}
+	[[ $no_digitalocean -eq 1 ]] || mkfs.ext4 -L DOROOT ${doroot_loop}
 	mkfs.${target_filesystem} -L ArchRoot ${archroot_loop}
 
 	log "Mounting image ..."
 	mkdir -p /d2a/work/{doroot,archroot}
-	mount ${doroot_loop} /d2a/work/doroot
 	mount ${archroot_loop} /d2a/work/archroot
 
-	log "Setting up DOROOT ..."
-	mkdir -p /d2a/work/doroot/etc/network
-	touch /d2a/work/doroot/etc/network/interfaces
-	cat > /d2a/work/doroot/README <<-EOF
-		DO NOT TOUCH FILES ON THIS PARTITION.
+	if [[ $no_digitalocean -eq 0 ]]; then
+		mount ${doroot_loop} /d2a/work/doroot
 
-		The DOROOT partition is where DigitalOcean writes passwords and other data
-		when a droplet is rebuilt from an image or restored from a snapshot.
-		If certain files are missing, restores/rebuilds will not work and you will
-		end up with an unusable image.
+		log "Setting up DOROOT ..."
+		mkdir -p /d2a/work/doroot/etc/network
+		touch /d2a/work/doroot/etc/network/interfaces
+		cat > /d2a/work/doroot/README <<-EOF
+			DO NOT TOUCH FILES ON THIS PARTITION.
 
-		The digitalocean-synchronize script also watches this partition.
-		If this partition (particularly etc/shadow) is written to, the script will
-		reset the root password to the one provided by DigitalOcean and wipe all
-		SSH host keys for security.
-	EOF
-	chmod 0444 /d2a/work/doroot/README
+			The DOROOT partition is where DigitalOcean writes passwords and other data
+			when a droplet is rebuilt from an image or restored from a snapshot.
+			If certain files are missing, restores/rebuilds will not work and you will
+			end up with an unusable image.
+
+			The digitalocean-synchronize script also watches this partition.
+			If this partition (particularly etc/shadow) is written to, the script will
+			reset the root password to the one provided by DigitalOcean and wipe all
+			SSH host keys for security.
+		EOF
+		chmod 0444 /d2a/work/doroot/README
+	fi
 
 	log "Downloading bootstrap tarball ..."
 	set -- $(wget -qO- ${archlinux_mirror}/iso/latest/sha1sums.txt |
@@ -406,7 +426,16 @@ stage1_install() {
 
 	log "Preparing bootstrap filesystem ..."
 	echo "Server = ${archlinux_mirror}/\$repo/os/\$arch" > /d2a/work/archroot/etc/pacman.d/mirrorlist
-	echo 'nameserver 8.8.8.8' > /d2a/work/archroot/etc/resolv.conf
+	
+	cat > /d2a/work/archroot/etc/resolv.conf <<-EOF
+		# Google IPv6 nameservers
+		nameserver 2001:4860:4860::8888
+		nameserver 2001:4860:4860::8844
+		
+		# Google IPv4 nameservers
+		nameserver 8.8.8.8
+		nameserver 8.8.4.4
+	EOF
 
 	log "Installing base system ..."
 	chroot /d2a/work/archroot pacman-key --init
@@ -424,9 +453,29 @@ stage1_install() {
 	chroot /d2a/work/archroot usermod -p "${encrypted_password}" root
 	chroot /d2a/work/archroot systemctl enable systemd-networkd.service
 	chroot /d2a/work/archroot systemctl enable sshd.service
-	package_digitalocean_synchronize /d2a/work/archroot/dosync.pkg.tar
-	${chroot_pacman} -U --noconfirm /dosync.pkg.tar
-	rm /d2a/work/archroot/dosync.pkg.tar
+
+	if [[ $no_digitalocean -eq 0 ]]; then
+		package_digitalocean_synchronize /d2a/work/archroot/dosync.pkg.tar
+		${chroot_pacman} -U --noconfirm /dosync.pkg.tar
+		rm /d2a/work/archroot/dosync.pkg.tar
+	fi
+
+	local authkeys
+	if authkeys="$(wget -qO- -T5 -t1 ${meta_base}public-keys)" && test -z "${authkeys}"; then
+		log "*** WARNING ***"
+		log "SSH public keys are not configured for this droplet."
+		log "PermitRootLogin will be enabled in sshd_config to permit root logins over SSH."
+		log "This is a security risk, as passwords are not as secure as public keys."
+		log "To set up public keys, visit the following URL: https://goo.gl/iEgFRs"
+		log "Remember to remove the PermitRootLogin option from sshd_config after doing so."
+		cat >> /d2a/work/archroot/etc/ssh/sshd_config <<-EOF
+
+			# This enables password logins to root over SSH.
+			# This is insecure; see https://goo.gl/iEgFRs to set up public keys.
+			PermitRootLogin yes
+
+		EOF
+	fi
 
 	log "Finishing up image generation ..."
 	ln -f /d2a/work/image /d2a/image
@@ -511,7 +560,10 @@ insert_into_allocation_map() {
 stage2_arrange() {
 	local disk_sectors=$(cat /sys/block/vda/size)
 	local root_device=$(awk '$2 == "/" { root = $1 } END { print root }' /proc/mounts)
-	local root_offset_sectors=$(cat /sys/block/vda/${root_device#/dev/}/start)
+	local root_offset_sectors=0
+	if [[ $root_device != "/dev/vda" ]]; then
+		root_offset_sectors=$(cat /sys/block/vda/${root_device#/dev/}/start)
+	fi
 	local srcdst_map=()     # original source to target map
 	local unalloc_map=()    # extents not used by either source or target (for tmpdst_map)
 	local tmpdst_map=()     # extents on temporary redirection (allocated from unalloc_map)
@@ -679,6 +731,9 @@ stage3_prepare() {
 	# mount tmpfs
 	mount -t tmpfs mid /d2a/mid
 
+	# make sure busybox is installed
+	apt-get -yqq install busybox
+
 	# add binaries
 	add_binary_to_mid /bin/busybox
 	add_binary_to_mid /bin/bash
@@ -1001,7 +1056,7 @@ ExecStart=/usr/sbin/digitalocean-synchronize
 pkgname = digitalocean-synchronize
 pkgver = 2.4-2
 pkgdesc = DigitalOcean Synchronization (passwords, keys, networks)
-url = https://github.com/gh2o/digitalocean-debian-to-arch
+url = https://github.com/lesderid/digitalocean-debian-to-arch
 arch = any
 license = GPL
 !!!!