Compare commits
21 Commits
Author | SHA1 | Date |
---|---|---|
Les De Ridder | 8195d0abe0 | |
Les De Ridder | 6ad33e994d | |
Les De Ridder | 022676c05f | |
Les De Ridder | 39d48042d9 | |
Les De Ridder | 94b8c0382f | |
Les De Ridder | 08a30309a5 | |
Les De Ridder | be73259522 | |
Les De Ridder | bf7825fc6f | |
Les De Ridder | e05e5737cc | |
Gavin Li | 3547def007 | |
Matt Gibbs | 27f7d5a323 | |
Gavin Li | 9e159cdcf1 | |
Gavin Li | adc2d38ee1 | |
Les De Ridder | e1e44ffbad | |
Les De Ridder | 42444481fd | |
Les De Ridder | 71407a482d | |
Les De Ridder | 82e4df6d9a | |
Les De Ridder | 71f271c56f | |
Les De Ridder | 4e8a970688 | |
Les De Ridder | 4a09000195 | |
Gavin Li | d00349da3d |
22
README.md
22
README.md
|
@ -17,8 +17,17 @@ important data.
|
|||
Installation
|
||||
------------
|
||||
1. Create a new Debian 8.x droplet (either 32-bit or 64-bit is fine).
|
||||
2. In the droplet, run the following as root:
|
||||
`wget https://raw.githubusercontent.com/gh2o/digitalocean-debian-to-arch/debian8/install.sh && bash install.sh`
|
||||
2. Run the script in the droplet as root:
|
||||
|
||||
2.1. The safe way:
|
||||
```
|
||||
wget https://raw.githubusercontent.com/lesderid/digitalocean-debian-to-arch/debian8/install.sh
|
||||
less install.sh # Inspect the file to see if it downloaded correctly and doesn't contain malicious code
|
||||
bash install.sh
|
||||
```
|
||||
|
||||
2.2. The unsafe, but faster way:
|
||||
`curl -s https://raw.githubusercontent.com/lesderid/digitalocean-debian-to-arch/debian8/install.sh | bash -`
|
||||
3. Follow the instructions when prompted.
|
||||
4. Sit back and relax! The system will automatically reboot once complete,
|
||||
and you should have a fully updated Arch Linux system in within minutes.
|
||||
|
@ -29,8 +38,7 @@ This script supports several flags, all of which are optional.
|
|||
|
||||
* `--archlinux_mirror`
|
||||
The Arch Linux mirror from which the bootstrap image and packages should be
|
||||
downloaded. Defaults to the DigitalOcean mirror at
|
||||
http://mirrors.digitalocean.com/archlinux.
|
||||
downloaded. Defaults to http://mirrors.kernel.org/archlinux
|
||||
* `--kernel_package`
|
||||
The kernel package to install. Defaults to the vanilla `linux` package.
|
||||
Other options include `linux-lts` for long term support and `linux-grsec` for
|
||||
|
@ -45,8 +53,10 @@ This script supports several flags, all of which are optional.
|
|||
as used by EFI). The alternative is `dos` (traditional MBR).
|
||||
* `--target_filesystem`
|
||||
The filesystem on which the Arch Linux installation should be installed.
|
||||
Defaults to `ext4`. The alternative is `btrfs`.
|
||||
|
||||
Defaults to `btrfs`. The alternative is `ext4`.
|
||||
* `--no_digitalocean`
|
||||
Disables the parts of the script specific to DigitalOcean.
|
||||
|
||||
How it Works
|
||||
------------
|
||||
1. A sparse disk image is created with the same size of the droplet's disk.
|
||||
|
|
111
install.sh
111
install.sh
|
@ -1,8 +1,8 @@
|
|||
#!/bin/bash
|
||||
|
||||
################################################################################
|
||||
### INSTRUCTIONS AT https://github.com/gh2o/digitalocean-debian-to-arch/ ###
|
||||
################################################################################
|
||||
####################################################################################
|
||||
### INSTRUCTIONS AT https://github.com/lesderid/digitalocean-debian-to-arch/ ###
|
||||
####################################################################################
|
||||
|
||||
run_from_file() {
|
||||
local f t
|
||||
|
@ -32,7 +32,7 @@ run_from_file() {
|
|||
########################################
|
||||
|
||||
# mirror from which to download archlinux packages
|
||||
archlinux_mirror="http://mirrors.digitalocean.com/archlinux"
|
||||
archlinux_mirror="http://mirrors.kernel.org/archlinux"
|
||||
|
||||
# package to use as kernel (linux or linux-lts)
|
||||
kernel_package=linux
|
||||
|
@ -44,11 +44,17 @@ target_architecture="$(uname -m)"
|
|||
target_disklabel="gpt"
|
||||
|
||||
# new filesystem type (ext4/btrfs)
|
||||
target_filesystem="ext4"
|
||||
target_filesystem="btrfs"
|
||||
|
||||
# running on another VPS service (experimental)
|
||||
no_digitalocean=0
|
||||
|
||||
# NOT EXPOSED NORMALLY: don't prompt
|
||||
continue_without_prompting=0
|
||||
|
||||
# NOT EXPOSED NORMALLY: path to metadata service
|
||||
meta_base=http://169.254.169.254/metadata/v1/
|
||||
|
||||
########################################
|
||||
### END OF CONFIGURATION ###
|
||||
########################################
|
||||
|
@ -85,6 +91,9 @@ host_packages=(
|
|||
arch_packages=(
|
||||
grub
|
||||
openssh
|
||||
sudo
|
||||
vim
|
||||
git
|
||||
)
|
||||
|
||||
gpt1_size_MiB=1
|
||||
|
@ -138,6 +147,12 @@ parse_flags() {
|
|||
shift
|
||||
break
|
||||
;;
|
||||
--no_digitalocean)
|
||||
no_digitalocean=1
|
||||
conf_key=option_acknowledged
|
||||
shift
|
||||
break
|
||||
;;
|
||||
--help)
|
||||
print_help_and_exit
|
||||
;;
|
||||
|
@ -275,6 +290,8 @@ build_parted_cmdline() {
|
|||
}
|
||||
|
||||
setup_loop_device() {
|
||||
modprobe loop
|
||||
|
||||
local offset_MiB=$1
|
||||
local size_MiB=$2
|
||||
losetup --find --show --offset ${offset_MiB}MiB --size ${size_MiB}MiB /d2a/work/image
|
||||
|
@ -352,31 +369,34 @@ stage1_install() {
|
|||
log "Formatting image ..."
|
||||
local doroot_loop=$(setup_loop_device ${doroot_offset_MiB} ${doroot_size_MiB})
|
||||
local archroot_loop=$(setup_loop_device ${archroot_offset_MiB} ${archroot_size_MiB})
|
||||
mkfs.ext4 -L DOROOT ${doroot_loop}
|
||||
[[ $no_digitalocean -eq 1 ]] || mkfs.ext4 -L DOROOT ${doroot_loop}
|
||||
mkfs.${target_filesystem} -L ArchRoot ${archroot_loop}
|
||||
|
||||
log "Mounting image ..."
|
||||
mkdir -p /d2a/work/{doroot,archroot}
|
||||
mount ${doroot_loop} /d2a/work/doroot
|
||||
mount ${archroot_loop} /d2a/work/archroot
|
||||
|
||||
log "Setting up DOROOT ..."
|
||||
mkdir -p /d2a/work/doroot/etc/network
|
||||
touch /d2a/work/doroot/etc/network/interfaces
|
||||
cat > /d2a/work/doroot/README <<-EOF
|
||||
DO NOT TOUCH FILES ON THIS PARTITION.
|
||||
if [[ $no_digitalocean -eq 0 ]]; then
|
||||
mount ${doroot_loop} /d2a/work/doroot
|
||||
|
||||
The DOROOT partition is where DigitalOcean writes passwords and other data
|
||||
when a droplet is rebuilt from an image or restored from a snapshot.
|
||||
If certain files are missing, restores/rebuilds will not work and you will
|
||||
end up with an unusable image.
|
||||
log "Setting up DOROOT ..."
|
||||
mkdir -p /d2a/work/doroot/etc/network
|
||||
touch /d2a/work/doroot/etc/network/interfaces
|
||||
cat > /d2a/work/doroot/README <<-EOF
|
||||
DO NOT TOUCH FILES ON THIS PARTITION.
|
||||
|
||||
The digitalocean-synchronize script also watches this partition.
|
||||
If this partition (particularly etc/shadow) is written to, the script will
|
||||
reset the root password to the one provided by DigitalOcean and wipe all
|
||||
SSH host keys for security.
|
||||
EOF
|
||||
chmod 0444 /d2a/work/doroot/README
|
||||
The DOROOT partition is where DigitalOcean writes passwords and other data
|
||||
when a droplet is rebuilt from an image or restored from a snapshot.
|
||||
If certain files are missing, restores/rebuilds will not work and you will
|
||||
end up with an unusable image.
|
||||
|
||||
The digitalocean-synchronize script also watches this partition.
|
||||
If this partition (particularly etc/shadow) is written to, the script will
|
||||
reset the root password to the one provided by DigitalOcean and wipe all
|
||||
SSH host keys for security.
|
||||
EOF
|
||||
chmod 0444 /d2a/work/doroot/README
|
||||
fi
|
||||
|
||||
log "Downloading bootstrap tarball ..."
|
||||
set -- $(wget -qO- ${archlinux_mirror}/iso/latest/sha1sums.txt |
|
||||
|
@ -406,7 +426,16 @@ stage1_install() {
|
|||
|
||||
log "Preparing bootstrap filesystem ..."
|
||||
echo "Server = ${archlinux_mirror}/\$repo/os/\$arch" > /d2a/work/archroot/etc/pacman.d/mirrorlist
|
||||
echo 'nameserver 8.8.8.8' > /d2a/work/archroot/etc/resolv.conf
|
||||
|
||||
cat > /d2a/work/archroot/etc/resolv.conf <<-EOF
|
||||
# Google IPv6 nameservers
|
||||
nameserver 2001:4860:4860::8888
|
||||
nameserver 2001:4860:4860::8844
|
||||
|
||||
# Google IPv4 nameservers
|
||||
nameserver 8.8.8.8
|
||||
nameserver 8.8.4.4
|
||||
EOF
|
||||
|
||||
log "Installing base system ..."
|
||||
chroot /d2a/work/archroot pacman-key --init
|
||||
|
@ -424,9 +453,29 @@ stage1_install() {
|
|||
chroot /d2a/work/archroot usermod -p "${encrypted_password}" root
|
||||
chroot /d2a/work/archroot systemctl enable systemd-networkd.service
|
||||
chroot /d2a/work/archroot systemctl enable sshd.service
|
||||
package_digitalocean_synchronize /d2a/work/archroot/dosync.pkg.tar
|
||||
${chroot_pacman} -U --noconfirm /dosync.pkg.tar
|
||||
rm /d2a/work/archroot/dosync.pkg.tar
|
||||
|
||||
if [[ $no_digitalocean -eq 0 ]]; then
|
||||
package_digitalocean_synchronize /d2a/work/archroot/dosync.pkg.tar
|
||||
${chroot_pacman} -U --noconfirm /dosync.pkg.tar
|
||||
rm /d2a/work/archroot/dosync.pkg.tar
|
||||
fi
|
||||
|
||||
local authkeys
|
||||
if authkeys="$(wget -qO- -T5 -t1 ${meta_base}public-keys)" && test -z "${authkeys}"; then
|
||||
log "*** WARNING ***"
|
||||
log "SSH public keys are not configured for this droplet."
|
||||
log "PermitRootLogin will be enabled in sshd_config to permit root logins over SSH."
|
||||
log "This is a security risk, as passwords are not as secure as public keys."
|
||||
log "To set up public keys, visit the following URL: https://goo.gl/iEgFRs"
|
||||
log "Remember to remove the PermitRootLogin option from sshd_config after doing so."
|
||||
cat >> /d2a/work/archroot/etc/ssh/sshd_config <<-EOF
|
||||
|
||||
# This enables password logins to root over SSH.
|
||||
# This is insecure; see https://goo.gl/iEgFRs to set up public keys.
|
||||
PermitRootLogin yes
|
||||
|
||||
EOF
|
||||
fi
|
||||
|
||||
log "Finishing up image generation ..."
|
||||
ln -f /d2a/work/image /d2a/image
|
||||
|
@ -511,7 +560,10 @@ insert_into_allocation_map() {
|
|||
stage2_arrange() {
|
||||
local disk_sectors=$(cat /sys/block/vda/size)
|
||||
local root_device=$(awk '$2 == "/" { root = $1 } END { print root }' /proc/mounts)
|
||||
local root_offset_sectors=$(cat /sys/block/vda/${root_device#/dev/}/start)
|
||||
local root_offset_sectors=0
|
||||
if [[ $root_device != "/dev/vda" ]]; then
|
||||
root_offset_sectors=$(cat /sys/block/vda/${root_device#/dev/}/start)
|
||||
fi
|
||||
local srcdst_map=() # original source to target map
|
||||
local unalloc_map=() # extents not used by either source or target (for tmpdst_map)
|
||||
local tmpdst_map=() # extents on temporary redirection (allocated from unalloc_map)
|
||||
|
@ -679,6 +731,9 @@ stage3_prepare() {
|
|||
# mount tmpfs
|
||||
mount -t tmpfs mid /d2a/mid
|
||||
|
||||
# make sure busybox is installed
|
||||
apt-get -yqq install busybox
|
||||
|
||||
# add binaries
|
||||
add_binary_to_mid /bin/busybox
|
||||
add_binary_to_mid /bin/bash
|
||||
|
@ -1001,7 +1056,7 @@ ExecStart=/usr/sbin/digitalocean-synchronize
|
|||
pkgname = digitalocean-synchronize
|
||||
pkgver = 2.4-2
|
||||
pkgdesc = DigitalOcean Synchronization (passwords, keys, networks)
|
||||
url = https://github.com/gh2o/digitalocean-debian-to-arch
|
||||
url = https://github.com/lesderid/digitalocean-debian-to-arch
|
||||
arch = any
|
||||
license = GPL
|
||||
!!!!
|
||||
|
|
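Review bot: The new default `archlinux_mirror="http://mirrors.kernel.org/archlinux"` (configuration hunk at -32,7) moves the bootstrap download from the provider's own mirror to a public mirror over plain HTTP. The stage1_install hunk shows the checksum list coming from that same URL (`wget -qO- ${archlinux_mirror}/iso/latest/sha1sums.txt`), so the SHA-1 comparison catches corruption but does not authenticate the image that the script later chroots into as root. I would change the default to `archlinux_mirror="https://mirrors.kernel.org/archlinux"` and update the matching "Defaults to" sentence in README.md. Packages installed afterwards are presumably covered by pacman's signature checking (`pacman-key --init` is visible), but the bootstrap tarball is not, and verifying the detached signature Arch publishes next to it would close that gap. Most of stage1_install lies outside the visible hunks, so confirm there is no other verification step before acting on this.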