306 lines
5.5 KiB
Bash
306 lines
5.5 KiB
Bash
#!/bin/false
|
|
|
|
export QUILT_PATCHES="$BASE_DIR/patches"
|
|
export QUILT_NO_DIFF_INDEX=1
|
|
export QUILT_NO_DIFF_TIMESTAMPS=1
|
|
export QUILT_REFRESH_ARGS='-p ab'
|
|
|
|
on_chroot() {
|
|
capsh --drop=cap_setfcap --chroot="$ROOTFS_DIR" -- "$@"
|
|
}
|
|
|
|
apply_patch() {
|
|
pushd "$ROOTFS_DIR" > /dev/null
|
|
|
|
quilt upgrade
|
|
RC=0
|
|
quilt push "$1" || RC=$?
|
|
|
|
case "$RC" in
|
|
0|2)
|
|
;;
|
|
*)
|
|
false
|
|
;;
|
|
esac
|
|
|
|
popd > /dev/null
|
|
}
|
|
|
|
apply_file() {
|
|
local MODE="$1"
|
|
local FILE="$2"
|
|
|
|
local SRC="$FILES_DIR/$FILE"
|
|
local DST="$ROOTFS_DIR/$FILE"
|
|
|
|
if [ ! -f "$SRC" ]; then
|
|
tput setaf 1 # Red color
|
|
echo "Source file $FILE does not exist"
|
|
tput sgr0 # No color
|
|
|
|
exit 1
|
|
fi
|
|
|
|
install -m "$MODE" "$SRC" "$DST"
|
|
}
|
|
|
|
if [ "$(id -u)" != '0' ]; then
|
|
echo 'Please run as root' 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
if [ -e "$ROOTFS_DIR" ]; then
|
|
rm -rf "$ROOTFS_DIR"
|
|
fi
|
|
|
|
mkdir "$ROOTFS_DIR"
|
|
|
|
##
|
|
# Bootstrap a basic Debian system.
|
|
#
|
|
ARCH="$(dpkg --print-architecture)"
|
|
|
|
if [ "$ARCH" != 'armhf' ]; then
|
|
BOOTSTRAP_CMD='qemu-debootstrap'
|
|
else
|
|
BOOTSTRAP_CMD='debootstrap'
|
|
fi
|
|
|
|
capsh --drop=cap_setfcap -- -c "$BOOTSTRAP_CMD \
|
|
--components=main,contrib,non-free \
|
|
--arch armhf \
|
|
--keyring $KEYS_DIR/raspbian-archive-keyring.gpg \
|
|
jessie \
|
|
$ROOTFS_DIR \
|
|
http://mirrordirector.raspbian.org/raspbian/" || rmdir "$ROOTFS_DIR/debootstrap/"
|
|
|
|
##
|
|
# Prepare for Quilt patching.
|
|
#
|
|
rm -rf "$ROOTFS_DIR/.pc/"
|
|
mkdir "$ROOTFS_DIR/.pc/"
|
|
|
|
##
|
|
# Prevent services to start after package installation in chroot environment.
|
|
#
|
|
apply_file 744 '/usr/sbin/policy-rc.d'
|
|
|
|
##
|
|
# Mount virtual file systems.
|
|
#
|
|
mount --bind /dev "$ROOTFS_DIR/dev"
|
|
mount --bind /dev/pts "$ROOTFS_DIR/dev/pts"
|
|
mount -t proc /proc "$ROOTFS_DIR/proc"
|
|
mount --bind /sys "$ROOTFS_DIR/sys"
|
|
|
|
function finalize {
|
|
umount "$ROOTFS_DIR/sys"
|
|
umount "$ROOTFS_DIR/proc"
|
|
umount "$ROOTFS_DIR/dev/pts"
|
|
umount "$ROOTFS_DIR/dev"
|
|
}
|
|
|
|
trap finalize EXIT
|
|
|
|
##
|
|
# Configure environment.
|
|
#
|
|
apply_file 644 '/etc/environment'
|
|
apply_file 644 '/etc/motd'
|
|
|
|
##
|
|
# Add /etc/fstab and /etc/mtab
|
|
#
|
|
apply_file 644 '/etc/fstab'
|
|
ln -nsf /proc/mounts "$ROOTFS_DIR/etc/mtab"
|
|
|
|
##
|
|
# Prepare package manager.
|
|
#
|
|
apply_file 644 '/etc/apt/sources.list'
|
|
|
|
on_chroot apt-key add - < "$KEYS_DIR/raspberrypi-archive-keyring.gpg"
|
|
|
|
apply_file 644 '/etc/apt/apt.conf.d/02noinstall'
|
|
apply_file 644 '/etc/apt/apt.conf.d/50pdiffs'
|
|
|
|
on_chroot << EOF
|
|
apt-get update
|
|
apt-get upgrade -y
|
|
apt-get dist-upgrade -y
|
|
apt-get autoremove -y --purge
|
|
EOF
|
|
|
|
##
|
|
# Replace systemd with sysvinit.
|
|
#
|
|
on_chroot << EOF
|
|
apt-get install -y sysvinit-core
|
|
apt-get purge -y systemd systemd-sysv
|
|
apt-get autoremove -y --purge
|
|
EOF
|
|
|
|
##
|
|
# Install kernel and bootloader.
|
|
#
|
|
on_chroot << EOF
|
|
apt-get install -y raspberrypi-kernel raspberrypi-bootloader
|
|
EOF
|
|
|
|
##
|
|
# Allow system to boot.
|
|
#
|
|
on_chroot << EOF
|
|
apt-get install -y plymouth mountall
|
|
EOF
|
|
|
|
##
|
|
# Prepare Raspberry Pi boot partition.
|
|
#
|
|
apply_file 644 '/boot/cmdline.txt'
|
|
apply_file 644 '/boot/config.txt'
|
|
|
|
##
|
|
# This script is executed at the end of each multiuser runlevel.
|
|
#
|
|
apply_file 755 '/etc/rc.local'
|
|
|
|
##
|
|
# Install SSH server
|
|
#
|
|
on_chroot << EOF
|
|
apt-get install -y ssh
|
|
EOF
|
|
|
|
apply_file 644 '/etc/ssh/sshd_config'
|
|
|
|
rm -fv "$ROOTFS_DIR/etc/ssh/ssh_host_key"
|
|
rm -fv "$ROOTFS_DIR/etc/ssh/ssh_host_key.pub"
|
|
|
|
rm -fv "$ROOTFS_DIR/etc/ssh/ssh_host_dsa_key"
|
|
rm -fv "$ROOTFS_DIR/etc/ssh/ssh_host_dsa_key.pub"
|
|
|
|
rm -fv "$ROOTFS_DIR/etc/ssh/ssh_host_ecdsa_key"
|
|
rm -fv "$ROOTFS_DIR/etc/ssh/ssh_host_ecdsa_key.pub"
|
|
|
|
rm -fv "$ROOTFS_DIR/etc/ssh/ssh_host_ed25519_key"
|
|
rm -fv "$ROOTFS_DIR/etc/ssh/ssh_host_ed25519_key.pub"
|
|
|
|
rm -fv "$ROOTFS_DIR/etc/ssh/ssh_host_rsa_key"
|
|
rm -fv "$ROOTFS_DIR/etc/ssh/ssh_host_rsa_key.pub"
|
|
|
|
##
|
|
# Assign device names by part-UUID
|
|
#
|
|
apply_file 644 '/lib/udev/rules.d/61-partuuid.rules'
|
|
|
|
##
|
|
# Configure network.
|
|
#
|
|
apply_file 644 '/etc/hostname'
|
|
apply_file 644 '/etc/hosts'
|
|
|
|
apply_file 644 '/etc/network/interfaces'
|
|
|
|
##
|
|
# Configure Wi-Fi.
|
|
#
|
|
on_chroot << EOF
|
|
apt-get install -y firmware-brcm80211
|
|
EOF
|
|
|
|
##
|
|
# Add user.
|
|
#
|
|
on_chroot << EOF
|
|
apt-get install -y sudo
|
|
EOF
|
|
|
|
apply_patch '03-passwordless-sudo.diff'
|
|
apply_patch '04-bashrc.diff'
|
|
apply_patch '05-useradd.diff'
|
|
|
|
on_chroot << EOF
|
|
if ! id -u $USERNAME >/dev/null 2>&1; then
|
|
adduser --disabled-password --gecos "" $USERNAME
|
|
fi
|
|
echo "$USERNAME:$PASSWORD" | chpasswd
|
|
passwd -d root
|
|
adduser $USERNAME sudo
|
|
EOF
|
|
|
|
##
|
|
# Configure time zone.
|
|
#
|
|
on_chroot << EOF
|
|
debconf-set-selections <<SELEOF
|
|
tzdata tzdata/Areas select Etc
|
|
tzdata tzdata/Zones/Etc select UTC
|
|
SELEOF
|
|
|
|
apt-get install -y tzdata
|
|
EOF
|
|
|
|
##
|
|
# Configure environment.
|
|
#
|
|
apply_patch '07-path.diff'
|
|
|
|
##
|
|
# Make user-friendly environment.
|
|
#
|
|
on_chroot << EOF
|
|
apt-get install -y \
|
|
bash-completion \
|
|
colordiff \
|
|
curl \
|
|
less \
|
|
vim
|
|
|
|
update-alternatives --set editor /usr/bin/vim.basic
|
|
EOF
|
|
|
|
apply_file 644 '/etc/vim/vimrc.local'
|
|
|
|
##
|
|
# Save fake hardware clock time for more realistic time after startup.
|
|
#
|
|
on_chroot << EOF
|
|
apt-get install -y fake-hwclock ntp
|
|
systemctl disable hwclock.sh
|
|
fake-hwclock save
|
|
EOF
|
|
|
|
##
|
|
# Configure firewall.
|
|
#
|
|
on_chroot << EOF
|
|
apt-get install -y iptables-persistent
|
|
EOF
|
|
|
|
apply_file 644 '/etc/iptables/rules.v4'
|
|
apply_file 644 '/etc/iptables/rules.v6'
|
|
|
|
##
|
|
# Remove unnecessary packages.
|
|
#
|
|
on_chroot << EOF
|
|
apt-get purge -y rpcbind exim4 exim4-base exim4-config exim4-daemon-light
|
|
apt-get autoremove -y --purge
|
|
EOF
|
|
|
|
##
|
|
# Cleanup after Quilt patching.
|
|
#
|
|
rm -rf "$ROOTFS_DIR/.pc/"
|
|
|
|
##
|
|
# Allow services to start.
|
|
#
|
|
rm -f "$ROOTFS_DIR/usr/sbin/policy-rc.d"
|
|
|
|
##
|
|
# Clean Apt cache.
|
|
#
|
|
rm -rf "$ROOTFS_DIR/var/cache/apt/archives/*"
|