diff --git a/builder/.gitignore b/builder/.gitignore index 3ae85aa..a6883c2 100644 --- a/builder/.gitignore +++ b/builder/.gitignore @@ -1,5 +1,6 @@ deploy/* work/* +config postrun.sh SKIP SKIP_IMAGES diff --git a/builder/Dockerfile b/builder/Dockerfile index cf9aac4..2e53149 100644 --- a/builder/Dockerfile +++ b/builder/Dockerfile @@ -1,12 +1,13 @@ -FROM i386/debian:buster +FROM debian:buster ENV DEBIAN_FRONTEND noninteractive RUN apt-get -y update && \ - apt-get -y install \ + apt-get -y install --no-install-recommends \ git vim parted \ quilt coreutils qemu-user-static debootstrap zerofree zip dosfstools \ - bsdtar libcap2-bin rsync grep udev xz-utils curl xxd file kmod\ + bsdtar libcap2-bin rsync grep udev xz-utils curl xxd file kmod bc\ + binfmt-support ca-certificates \ && rm -rf /var/lib/apt/lists/* COPY . /pi-gen/ diff --git a/builder/README.md b/builder/README.md index 1f8524b..29d8166 100644 --- a/builder/README.md +++ b/builder/README.md @@ -14,7 +14,7 @@ To install the required dependencies for pi-gen you should run: ```bash apt-get install coreutils quilt parted qemu-user-static debootstrap zerofree zip \ -dosfstools bsdtar libcap2-bin grep rsync xz-utils file git curl +dosfstools bsdtar libcap2-bin grep rsync xz-utils file git curl bc ``` The file `depends` contains a list of tools needed. The format of this @@ -36,6 +36,11 @@ The following environment variables are supported: but you should use something else for a customized version. Export files in stages may add suffixes to `IMG_NAME`. + * `RELEASE` (Default: buster) + + The release version to build images against. Valid values are jessie, stretch + buster, bullseye, and testing. + * `APT_PROXY` (Default: unset) If you require the use of an apt proxy, set it here. This proxy setting 
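Review bot: `FROM debian:buster` follows a mutable tag, so the builder image can change without any commit to this repository, and build-docker.sh later starts that image with `--privileged`. Pinning the base by digest, `FROM debian:buster@sha256:<digest placeholder>`, would make rebuilds reproducible and reviewable. Separately, the context line `COPY . /pi-gen/` copies the whole build directory, and this commit adds `config` to .gitignore, which suggests a local config file may sit there with values such as `FIRST_USER_PASS` and `WPA_PASSWORD`. Unless a .dockerignore outside this diff excludes it, that file would be baked into an image layer even though build-docker.sh already mounts it at `/config`.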
@@ -82,7 +87,7 @@ The following environment variables are supported: Default system locale. - * `HOSTNAME` (Default: "raspberrypi" ) + * `TARGET_HOSTNAME` (Default: "raspberrypi" ) Setting the hostname to the specified value. @@ -119,11 +124,11 @@ The following environment variables are supported: * `WPA_ESSID`, `WPA_PASSWORD` and `WPA_COUNTRY` (Default: unset) - If these are set, they are use to configure `wpa_supplicant.conf`, so that the raspberry pi can automatically connect to a wifi network on first boot. If `WPA_ESSID` is set and `WPA_PASSWORD` is unset an unprotected wifi network will be configured. + If these are set, they are use to configure `wpa_supplicant.conf`, so that the Raspberry Pi can automatically connect to a wifi network on first boot. If `WPA_ESSID` is set and `WPA_PASSWORD` is unset an unprotected wifi network will be configured. If set, `WPA_PASSWORD` must be between 8 and 63 characters. * `ENABLE_SSH` (Default: `0`) - Setting to `1` will enable ssh server for remote log in. Note that if you are using a common password such as the defaults there is a high risk of attackers taking over you RaspberryPi. + Setting to `1` will enable ssh server for remote log in. Note that if you are using a common password such as the defaults there is a high risk of attackers taking over you Raspberry Pi. * `STAGE_LIST` (Default: `stage*`) diff --git a/builder/build-docker.sh b/builder/build-docker.sh index 20407b6..b6a9ea3 100755 --- a/builder/build-docker.sh +++ b/builder/build-docker.sh @@ -32,7 +32,7 @@ done # Ensure that the configuration file is an absolute path if test -x /usr/bin/realpath; then - CONFIG_FILE=$(realpath -s "$CONFIG_FILE") + CONFIG_FILE=$(realpath -s "$CONFIG_FILE" || realpath "$CONFIG_FILE") fi # Ensure that the confguration file is present @@ -41,7 +41,7 @@ if test -z "${CONFIG_FILE}"; then exit 1 else # shellcheck disable=SC1090 - source "${CONFIG_FILE}" + source ${CONFIG_FILE} fi CONTAINER_NAME=${CONTAINER_NAME:-pigen_work} 
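Review bot: The new `source ${CONFIG_FILE}` in build-docker.sh drops the quotes the old line had, so a config path containing spaces or glob characters is word-split and expanded before `source` sees it. The first resulting word is then sourced as the file and the rest become positional parameters. Because `source` executes whatever file it is handed, this should stay `source "${CONFIG_FILE}"`. The existing `# shellcheck disable=SC1090` only silences the non-constant-path warning, not the quoting one, and the `realpath` line changed in the previous hunk still quotes the same variable.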
@@ -73,7 +73,7 @@ fi # Modify original build-options to allow config file to be mounted in the docker container BUILD_OPTS="$(echo "${BUILD_OPTS:-}" | sed -E 's@\-c\s?([^ ]+)@-c /config@')" -${DOCKER} build --no-cache --network=host -t pi-gen "${DIR}" +${DOCKER} build -t pi-gen "${DIR}" if [ "${CONTAINER_EXISTS}" != "" ]; then trap 'echo "got CTRL+C... please wait 5s" && ${DOCKER} stop -t 5 ${CONTAINER_NAME}_cont' SIGINT SIGTERM time ${DOCKER} run --rm --privileged \ diff --git a/builder/build.sh b/builder/build.sh index 1d65bed..dd005d6 100755 --- a/builder/build.sh +++ b/builder/build.sh @@ -174,7 +174,7 @@ export DEPLOY_DIR=${DEPLOY_DIR:-"${BASE_DIR}/deploy"} export DEPLOY_ZIP="${DEPLOY_ZIP:-1}" export LOG_FILE="${WORK_DIR}/build.log" -export HOSTNAME=${HOSTNAME:-raspberrypi} +export TARGET_HOSTNAME=${TARGET_HOSTNAME:-raspberrypi} export FIRST_USER_NAME=${FIRST_USER_NAME:-pi} export FIRST_USER_PASS=${FIRST_USER_PASS:-raspberry} @@ -232,6 +232,11 @@ if [[ -n "${APT_PROXY}" ]] && ! curl --silent "${APT_PROXY}" >/dev/null ; then exit 1 fi +if [[ -n "${WPA_PASSWORD}" && ${#WPA_PASSWORD} -lt 8 || ${#WPA_PASSWORD} -gt 63 ]] ; then + echo "WPA_PASSWORD" must be between 8 and 63 characters + exit 1 +fi + mkdir -p "${WORK_DIR}" log "Begin ${BASE_DIR}" diff --git a/builder/depends b/builder/depends index 6238eb1..a86bc82 100644 --- a/builder/depends +++ b/builder/depends @@ -16,3 +16,4 @@ xxd file git lsmod:kmod +bc diff --git a/builder/docker-compose.yml b/builder/docker-compose.yml new file mode 100644 index 0000000..f733860 --- /dev/null +++ b/builder/docker-compose.yml @@ -0,0 +1,10 @@ +version: '2' + +services: + apt-cacher-ng: + restart: unless-stopped + image: sameersbn/apt-cacher-ng:latest + ports: + - "3142:3142" + volumes: + - ./apt-cacher-ng:/var/cache/apt-cacher-ng diff --git a/builder/export-image/prerun.sh b/builder/export-image/prerun.sh index cecde32..8bbc566 100755 --- a/builder/export-image/prerun.sh +++ b/builder/export-image/prerun.sh 
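Review bot: Dropping `--no-cache` means the Dockerfile's `apt-get -y update && apt-get -y install …` layer is reused from the local cache on later runs, so the builder image keeps the package versions from its first build until something invalidates that layer. The image is started with `--privileged` a few lines below, so stale packages in it matter more than usual. Consider keeping a way to force a refresh, for example `${DOCKER} build --pull -t pi-gen "${DIR}"` plus a documented switch that re-adds `--no-cache`. The surrounding script continues outside the hunk.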
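Review bot: The new `WPA_PASSWORD` length test in build.sh relies on `&&` binding tighter than `||` inside `[[ ]]`. It happens to behave correctly because an empty value has length 0, but the intent is easier to verify with explicit grouping: `if [[ -n "${WPA_PASSWORD}" && ( ${#WPA_PASSWORD} -lt 8 || ${#WPA_PASSWORD} -gt 63 ) ]]; then`. The message is also split into a quoted and an unquoted part and goes to stdout; `echo "WPA_PASSWORD must be between 8 and 63 characters" >&2` keeps it as one string on stderr.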
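Review bot: `image: sameersbn/apt-cacher-ng:latest` pulls a third-party image by a mutable tag, and every package the build installs passes through this proxy once `APT_PROXY` points at it. Pin a specific version or digest, e.g. `sameersbn/apt-cacher-ng:<version placeholder>`, so the proxy cannot change silently between builds. `"3142:3142"` publishes the cache on all host interfaces, and with `restart: unless-stopped` it stays reachable by other hosts on the network after the build is done. If only local builds use it, bind it to the address the builder actually connects from, for example `"127.0.0.1:3142:3142"`.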
@@ -18,7 +18,7 @@ ALIGN="$((4 * 1024 * 1024))" # some overhead (since actual space usage is usually rounded up to the # filesystem block size) and gives some free space on the resulting # image. -ROOT_MARGIN=$((800*1024*1024)) +ROOT_MARGIN="$(echo "($ROOT_SIZE * 0.2 + 200 * 1024 * 1024) / 1" | bc)" BOOT_PART_START=$((ALIGN)) BOOT_PART_SIZE=$(((BOOT_SIZE + ALIGN - 1) / ALIGN * ALIGN)) diff --git a/builder/stage0/00-configure-apt/00-run.sh b/builder/stage0/00-configure-apt/00-run.sh index 9d21ffb..d10a49f 100755 --- a/builder/stage0/00-configure-apt/00-run.sh +++ b/builder/stage0/00-configure-apt/00-run.sh @@ -2,6 +2,8 @@ install -m 644 files/sources.list "${ROOTFS_DIR}/etc/apt/" install -m 644 files/raspi.list "${ROOTFS_DIR}/etc/apt/sources.list.d/" +sed -i "s/RELEASE/${RELEASE}/g" "${ROOTFS_DIR}/etc/apt/sources.list" +sed -i "s/RELEASE/${RELEASE}/g" "${ROOTFS_DIR}/etc/apt/sources.list.d/raspi.list" if [ -n "$APT_PROXY" ]; then install -m 644 files/51cache "${ROOTFS_DIR}/etc/apt/apt.conf.d/51cache" diff --git a/builder/stage0/00-configure-apt/files/raspi.list b/builder/stage0/00-configure-apt/files/raspi.list index 122287e..41c5a70 100644 --- a/builder/stage0/00-configure-apt/files/raspi.list +++ b/builder/stage0/00-configure-apt/files/raspi.list @@ -1,3 +1,3 @@ -deb http://archive.raspberrypi.org/debian/ buster main +deb http://archive.raspberrypi.org/debian/ RELEASE main # Uncomment line below then 'apt-get update' to enable 'apt-get source' -#deb-src http://archive.raspberrypi.org/debian/ buster main +#deb-src http://archive.raspberrypi.org/debian/ RELEASE main diff --git a/builder/stage0/00-configure-apt/files/sources.list b/builder/stage0/00-configure-apt/files/sources.list index 9cb5c06..4a5dd8a 100644 --- a/builder/stage0/00-configure-apt/files/sources.list +++ b/builder/stage0/00-configure-apt/files/sources.list 
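Review bot: `ROOT_MARGIN` in export-image/prerun.sh now depends on the `bc` expression evaluating, but nothing checks the result. If `ROOT_SIZE` (set outside this hunk) is empty, `bc` typically prints a parse error and still exits successfully, so the substitution yields an empty string. The later `$(( … ))` arithmetic would then presumably treat it as 0 rather than fail the build. The same value can be computed without the new dependency using integer arithmetic, `ROOT_MARGIN=$((ROOT_SIZE / 5 + 200 * 1024 * 1024))`, which truncates the same way for non-negative sizes.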
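Review bot: `${RELEASE}` is interpolated straight into the two added `sed -i "s/RELEASE/${RELEASE}/g"` lines, and no hunk in this diff validates it or gives it a default, although the README lists a fixed set of valid values and a default of buster. A value containing `/`, `&` or a newline changes what sed writes into the image's apt sources, and an unset value leaves a `deb` line with no suite. Validate it once before use, e.g. in build.sh with `case "${RELEASE}" in jessie|stretch|buster|bullseye|testing) ;; *) echo "invalid RELEASE" >&2; exit 1 ;; esac`. The same variable is added unquoted in stage0/prerun.sh (`bootstrap ${RELEASE} …`) and should be quoted there.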
@@ -1,3 +1,3 @@ -deb http://mirrors.ocf.berkeley.edu/raspbian/raspbian buster main contrib non-free rpi +deb http://raspbian.raspberrypi.org/raspbian/ RELEASE main contrib non-free rpi # Uncomment line below then 'apt-get update' to enable 'apt-get source' -#deb-src http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi +#deb-src http://raspbian.raspberrypi.org/raspbian/ RELEASE main contrib non-free rpi diff --git a/builder/stage0/prerun.sh b/builder/stage0/prerun.sh index 9ce3e02..3b25783 100755 --- a/builder/stage0/prerun.sh +++ b/builder/stage0/prerun.sh @@ -1,5 +1,5 @@ #!/bin/bash -e if [ ! -d "${ROOTFS_DIR}" ]; then - bootstrap buster "${ROOTFS_DIR}" http://raspbian.raspberrypi.org/raspbian/ + bootstrap ${RELEASE} "${ROOTFS_DIR}" http://raspbian.raspberrypi.org/raspbian/ fi diff --git a/builder/stage1/02-net-tweaks/00-run.sh b/builder/stage1/02-net-tweaks/00-run.sh index fc9e763..4943cab 100755 --- a/builder/stage1/02-net-tweaks/00-run.sh +++ b/builder/stage1/02-net-tweaks/00-run.sh @@ -1,6 +1,6 @@ #!/bin/bash -e -echo "${HOSTNAME}" > "${ROOTFS_DIR}/etc/hostname" -echo "127.0.1.1 ${HOSTNAME}" >> "${ROOTFS_DIR}/etc/hosts" +echo "${TARGET_HOSTNAME}" > "${ROOTFS_DIR}/etc/hostname" +echo "127.0.1.1 ${TARGET_HOSTNAME}" >> "${ROOTFS_DIR}/etc/hosts" ln -sf /dev/null "${ROOTFS_DIR}/etc/systemd/network/99-default.link" diff --git a/builder/stage2/01-sys-tweaks/00-packages b/builder/stage2/01-sys-tweaks/00-packages index 16b9350..83ec74c 100644 --- a/builder/stage2/01-sys-tweaks/00-packages +++ b/builder/stage2/01-sys-tweaks/00-packages @@ -28,3 +28,4 @@ vl805fw ntfs-3g pciutils rpi-eeprom +raspinfo diff --git a/builder/stage2/02-net-tweaks/01-run.sh b/builder/stage2/02-net-tweaks/01-run.sh index 154e515..0929755 100755 --- a/builder/stage2/02-net-tweaks/01-run.sh +++ b/builder/stage2/02-net-tweaks/01-run.sh 
@@ -12,7 +12,8 @@ fi if [ -v WPA_ESSID ] && [ -v WPA_PASSWORD ]; then on_chroot <> "/etc/wpa_supplicant/wpa_supplicant.conf" +set -o pipefail +wpa_passphrase "${WPA_ESSID}" "${WPA_PASSWORD}" | tee -a "/etc/wpa_supplicant/wpa_supplicant.conf" EOF elif [ -v WPA_ESSID ]; then cat >> "${ROOTFS_DIR}/etc/wpa_supplicant/wpa_supplicant.conf" << EOL @@ -26,5 +27,5 @@ fi # Disable wifi on 5GHz models mkdir -p "${ROOTFS_DIR}/var/lib/systemd/rfkill/" -echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-3f300000.mmc:wlan" -echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-fe300000.mmc:wlan" +echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-3f300000.mmcnr:wlan" +echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-fe300000.mmcnr:wlan"
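Review bot: `tee -a` writes the `wpa_passphrase` output to stdout as well as to the file, so the generated network block ends up in the build output and, presumably, in build.log. That block includes the passphrase in clear text as a `#psk="…"` comment alongside the derived key. Discard tee's stdout, `wpa_passphrase "${WPA_ESSID}" "${WPA_PASSWORD}" | tee -a "/etc/wpa_supplicant/wpa_supplicant.conf" >/dev/null`, and consider filtering out the `#psk=` comment line so the plain passphrase is not stored in the image either. The heredoc delimiter is garbled on this page; if it is unquoted, `${WPA_ESSID}` and `${WPA_PASSWORD}` are expanded before the chroot shell parses the line. Values containing `"`, `$` or backticks would then be re-interpreted there and should be validated or passed another way.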