From 3f501f9a0ccd24ec9bee20bf681831f186eeea9f Mon Sep 17 00:00:00 2001 
From: "Luigi F. Cruz" Date: Sat, 26 Aug 2023 23:10:51 -0300 Subject: [PATCH] Update pi-gen release. --- Dockerfile | 4 +- build-docker.sh | 120 +++++++++++++----- build.sh | 66 ++++++---- config | 2 + depends | 2 + export-image/01-user-rename/00-packages | 1 + export-image/01-user-rename/01-run.sh | 9 ++ .../01-run.sh | 0 .../{02-network => 03-network}/01-run.sh | 0 .../files/resolv.conf | 0 .../00-run.sh | 0 .../{04-finalise => 05-finalise}/01-run.sh | 32 +++-- export-image/prerun.sh | 36 ++---- scripts/common | 47 ++++--- scripts/qcow2_handling | 4 +- stage0/00-configure-apt/00-run.sh | 3 +- stage0/00-configure-apt/01-packages | 1 + stage0/02-firmware/01-packages | 1 - stage0/prerun.sh | 5 + stage1/01-sys-tweaks/00-packages | 1 + stage1/01-sys-tweaks/00-run.sh | 5 +- stage1/03-install-packages/00-packages | 1 + stage2/00-copies-and-fills/01-packages | 1 - stage2/00-copies-and-fills/02-run.sh | 6 - stage2/01-sys-tweaks/00-packages | 6 +- .../00-patches/07-resize-init.diff | 2 +- stage2/01-sys-tweaks/01-run.sh | 8 +- stage2/02-net-tweaks/00-packages | 1 + stage2/02-net-tweaks/01-run.sh | 5 +- stage3/00-install-packages/00-packages | 2 +- stage3/00-install-packages/00-packages-nr | 1 + stage4/00-install-packages/00-packages | 2 + 32 files changed, 241 insertions(+), 133 deletions(-) create mode 100644 export-image/01-user-rename/00-packages create mode 100755 export-image/01-user-rename/01-run.sh rename export-image/{01-set-sources => 02-set-sources}/01-run.sh (100%) rename export-image/{02-network => 03-network}/01-run.sh (100%) rename export-image/{02-network => 03-network}/files/resolv.conf (100%) rename export-image/{03-set-partuuid => 04-set-partuuid}/00-run.sh (100%) rename export-image/{04-finalise => 05-finalise}/01-run.sh (78%) create mode 100644 stage0/00-configure-apt/01-packages create mode 100644 stage1/01-sys-tweaks/00-packages delete mode 100644 stage2/00-copies-and-fills/01-packages delete mode 100755 stage2/00-copies-and-fills/02-run.sh 
diff --git a/Dockerfile b/Dockerfile index 4b34617..2a5d8fe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_IMAGE=debian:buster +ARG BASE_IMAGE=debian:bullseye FROM ${BASE_IMAGE} ENV DEBIAN_FRONTEND noninteractive @@ -8,7 +8,7 @@ RUN apt-get -y update && \ git vim parted \ quilt coreutils qemu-user-static debootstrap zerofree zip dosfstools \ libarchive-tools libcap2-bin rsync grep udev xz-utils curl xxd file kmod bc\ - binfmt-support ca-certificates qemu-utils kpartx util-linux fdisk \ + binfmt-support ca-certificates qemu-utils kpartx fdisk gpg pigz\ && rm -rf /var/lib/apt/lists/* COPY . /pi-gen/ diff --git a/build-docker.sh b/build-docker.sh index 7c93873..fc0398a 100755 --- a/build-docker.sh +++ b/build-docker.sh @@ -4,10 +4,15 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" BUILD_OPTS="$*" -DOCKER="docker" - -if ! ${DOCKER} ps >/dev/null 2>&1; then - DOCKER="sudo docker" +# Allow user to override docker command +DOCKER=${DOCKER:-docker} + +# Ensure that default docker command is not set up in rootless mode +if \ + ! ${DOCKER} ps >/dev/null 2>&1 || \ + ${DOCKER} info 2>/dev/null | grep -q rootless \ +; then + DOCKER="sudo ${DOCKER}" fi if ! ${DOCKER} ps >/dev/null; then echo "error connecting to docker:" @@ -48,7 +53,7 @@ fi CONTAINER_NAME=${CONTAINER_NAME:-pigen_work} CONTINUE=${CONTINUE:-0} PRESERVE_CONTAINER=${PRESERVE_CONTAINER:-0} -PIGEN_DOCKER_OPTS=${PIGEN_DOCKER_OPTS:-""} +PIGEN_DOCKER_OPTS=${PIGEN_DOCKER_OPTS:-""} if [ -z "${IMG_NAME}" ]; then echo "IMG_NAME not set in 'config'" 1>&2 
@@ -75,42 +80,87 @@ fi # Modify original build-options to allow config file to be mounted in the docker container BUILD_OPTS="$(echo "${BUILD_OPTS:-}" | sed -E 's@\-c\s?([^ ]+)@-c /config@')" -BASE_IMAGE=debian:buster -${DOCKER} build --build-arg BASE_IMAGE=${BASE_IMAGE} -t pi-gen "${DIR}" +${DOCKER} build --build-arg BASE_IMAGE=debian:bullseye -t pi-gen "${DIR}" if [ "${CONTAINER_EXISTS}" != "" ]; then - trap 'echo "got CTRL+C... please wait 5s" && ${DOCKER} stop -t 5 ${CONTAINER_NAME}_cont' SIGINT SIGTERM - time ${DOCKER} run --rm --privileged \ - --cap-add=ALL \ - -v /dev:/dev \ - -v /lib/modules:/lib/modules \ - ${PIGEN_DOCKER_OPTS} \ - --volume "${CONFIG_FILE}":/config:ro \ - -e "GIT_HASH=${GIT_HASH}" \ - --volumes-from="${CONTAINER_NAME}" --name "${CONTAINER_NAME}_cont" \ - pi-gen \ - bash -e -o pipefail -c "dpkg-reconfigure qemu-user-static && - cd /pi-gen; ./build.sh ${BUILD_OPTS} && - rsync -av work/*/build.log deploy/" & - wait "$!" + DOCKER_CMDLINE_NAME="${CONTAINER_NAME}_cont" + DOCKER_CMDLINE_PRE=( \ + --rm \ + ) + DOCKER_CMDLINE_POST=( \ + --volumes-from="${CONTAINER_NAME}" \ + ) else - trap 'echo "got CTRL+C... please wait 5s" && ${DOCKER} stop -t 5 ${CONTAINER_NAME}' SIGINT SIGTERM - time ${DOCKER} run --name "${CONTAINER_NAME}" --privileged \ - --cap-add=ALL \ - -v /dev:/dev \ - -v /lib/modules:/lib/modules \ - ${PIGEN_DOCKER_OPTS} \ - --volume "${CONFIG_FILE}":/config:ro \ - -e "GIT_HASH=${GIT_HASH}" \ - pi-gen \ - bash -e -o pipefail -c "dpkg-reconfigure qemu-user-static && - cd /pi-gen; ./build.sh ${BUILD_OPTS} && - rsync -av work/*/build.log deploy/" & - wait "$!" 
+ DOCKER_CMDLINE_NAME="${CONTAINER_NAME}" + DOCKER_CMDLINE_PRE=( \ + ) + DOCKER_CMDLINE_POST=( \ + ) +fi + +# Check if binfmt_misc is required +binfmt_misc_required=1 +case $(uname -m) in + aarch64) + binfmt_misc_required=0 + ;; + arm*) + binfmt_misc_required=0 + ;; +esac + +# Check if qemu-aarch64-static and /proc/sys/fs/binfmt_misc are present +if [[ "${binfmt_misc_required}" == "1" ]]; then + if ! qemu_arm=$(which qemu-aarch64-static) ; then + echo "qemu-aarch64-static not found (please install qemu-user-static)" + exit 1 + fi + if [ ! -f /proc/sys/fs/binfmt_misc/register ]; then + echo "binfmt_misc required but not mounted, trying to mount it..." + if ! mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc ; then + echo "mounting binfmt_misc failed" + exit 1 + fi + echo "binfmt_misc mounted" + fi + if ! grep -q "^interpreter ${qemu_arm}" /proc/sys/fs/binfmt_misc/qemu-aarch64* ; then + # Register qemu-aarch64 for binfmt_misc + reg="echo ':qemu-aarch64-rpi:M::"\ +"\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:"\ +"\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:"\ +"${qemu_arm}:F' > /proc/sys/fs/binfmt_misc/register" + echo "Registering qemu-aarch64 for binfmt_misc..." + sudo bash -c "${reg}" 2>/dev/null || true + fi fi +trap 'echo "got CTRL+C... please wait 5s" && ${DOCKER} stop -t 5 ${DOCKER_CMDLINE_NAME}' SIGINT SIGTERM +time ${DOCKER} run \ + --name "${DOCKER_CMDLINE_NAME}" \ + --privileged \ + --cap-add=ALL \ + -v /dev:/dev \ + -v /lib/modules:/lib/modules \ + ${PIGEN_DOCKER_OPTS} \ + --volume "${CONFIG_FILE}":/config:ro \ + -e "GIT_HASH=${GIT_HASH}" \ + pi-gen \ + bash -e -o pipefail -c " + dpkg-reconfigure qemu-user-static && + # binfmt_misc is sometimes not mounted with debian bullseye image + (mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc || true) && + cd /pi-gen; ./build.sh ${BUILD_OPTS} && + rsync -av work/*/build.log deploy/ + " & + wait "$!" 
+ +# Ensure that deploy/ is always owned by calling user echo "copying results from deploy/" -${DOCKER} cp "${CONTAINER_NAME}":/pi-gen/deploy . +${DOCKER} cp "${CONTAINER_NAME}":/pi-gen/deploy - | tar -xf - + +echo "copying log from container ${CONTAINER_NAME} to depoy/" +${DOCKER} logs --timestamps "${CONTAINER_NAME}" &>deploy/build-docker.log + ls -lah deploy # cleanup diff --git a/build.sh b/build.sh index d56583e..986f81c 100755 --- a/build.sh +++ b/build.sh @@ -14,20 +14,14 @@ $(cat "${i}-debconf") SELEOF EOF - log "End ${SUB_STAGE_DIR}/${i}-debconf" + log "End ${SUB_STAGE_DIR}/${i}-debconf" fi if [ -f "${i}-packages-nr" ]; then log "Begin ${SUB_STAGE_DIR}/${i}-packages-nr" PACKAGES="$(sed -f "${SCRIPT_DIR}/remove-comments.sed" < "${i}-packages-nr")" if [ -n "$PACKAGES" ]; then on_chroot << EOF -n=0 -until [ "$n" -ge 5 ] -do - apt-get --ignore-missing --fix-missing install --no-install-recommends -y $PACKAGES && break - n=$((n+1)) - sleep 15 -done +apt-get -o Acquire::Retries=3 install --no-install-recommends -y $PACKAGES EOF if [ "${USE_QCOW2}" = "1" ]; then on_chroot << EOF @@ -42,13 +36,7 @@ EOF PACKAGES="$(sed -f "${SCRIPT_DIR}/remove-comments.sed" < "${i}-packages")" if [ -n "$PACKAGES" ]; then on_chroot << EOF -n=0 -until [ "$n" -ge 5 ] -do - apt-get --ignore-missing --fix-missing install -y $PACKAGES && break - n=$((n+1)) - sleep 15 -done +apt-get -o Acquire::Retries=3 install -y $PACKAGES EOF if [ "${USE_QCOW2}" = "1" ]; then on_chroot << EOF @@ -145,7 +133,7 @@ run_stage(){ done fi - if [ "${USE_QCOW2}" = "1" ]; then + if [ "${USE_QCOW2}" = "1" ]; then unload_qimage else # make sure we are not umounting during export-image stage 
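Review bot: The `DOCKER_CMDLINE_PRE` and `DOCKER_CMDLINE_POST` arrays filled in both branches of the build-docker.sh `@@ -75,42 +80,87 @@` hunk are never expanded in the consolidated `${DOCKER} run` call. As far as the hunk shows, the continue path therefore loses the `--rm` and `--volumes-from="${CONTAINER_NAME}"` options the old command passed. Add `"${DOCKER_CMDLINE_PRE[@]}" \` before `--name` and `"${DOCKER_CMDLINE_POST[@]}" \` before `pi-gen`. Separately, `sudo bash -c "${reg}" 2>/dev/null || true` discards a failed binfmt_misc registration; print the failure to stderr and exit there rather than letting the build fail later inside the container.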
@@ -167,6 +155,14 @@ if [ "$(id -u)" != "0" ]; then fi BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +if [[ $BASE_DIR = *" "* ]]; then + echo "There is a space in the base path of pi-gen" + echo "This is not a valid setup supported by debootstrap." + echo "Please remove the spaces, or move pi-gen directory to a base path without spaces" 1>&2 + exit 1 +fi + export BASE_DIR if [ -f config ]; then 
@@ -207,19 +203,30 @@ fi export USE_QEMU="${USE_QEMU:-0}" export IMG_DATE="${IMG_DATE:-"$(date +%Y-%m-%d)"}" export IMG_FILENAME="${IMG_FILENAME:-"${IMG_DATE}-${IMG_NAME}"}" -export ZIP_FILENAME="${ZIP_FILENAME:-"${IMG_DATE}-${IMG_NAME}"}" +export ARCHIVE_FILENAME="${ARCHIVE_FILENAME:-"image_${IMG_DATE}-${IMG_NAME}"}" export SCRIPT_DIR="${BASE_DIR}/scripts" -export WORK_DIR="${WORK_DIR:-"${BASE_DIR}/work/${IMG_DATE}-${IMG_NAME}"}" +export WORK_DIR="${WORK_DIR:-"${BASE_DIR}/work/${IMG_NAME}"}" export DEPLOY_DIR=${DEPLOY_DIR:-"${BASE_DIR}/deploy"} -export DEPLOY_ZIP="${DEPLOY_ZIP:-1}" + +# DEPLOY_ZIP was deprecated in favor of DEPLOY_COMPRESSION +# This preserve the old behavior with DEPLOY_ZIP=0 where no archive was created +if [ -z "${DEPLOY_COMPRESSION}" ] && [ "${DEPLOY_ZIP:-1}" = "0" ]; then + echo "DEPLOY_ZIP has been deprecated in favor of DEPLOY_COMPRESSION" + echo "Similar behavior to DEPLOY_ZIP=0 can be obtained with DEPLOY_COMPRESSION=none" + echo "Please update your config file" + DEPLOY_COMPRESSION=none +fi +export DEPLOY_COMPRESSION=${DEPLOY_COMPRESSION:-zip} +export COMPRESSION_LEVEL=${COMPRESSION_LEVEL:-6} export LOG_FILE="${WORK_DIR}/build.log" export TARGET_HOSTNAME=${TARGET_HOSTNAME:-raspberrypi} export FIRST_USER_NAME=${FIRST_USER_NAME:-pi} -export FIRST_USER_PASS=${FIRST_USER_PASS:-raspberry} -export RELEASE=${RELEASE:-bullseye} +export FIRST_USER_PASS +export DISABLE_FIRST_BOOT_USER_RENAME=${DISABLE_FIRST_BOOT_USER_RENAME:-0} +export RELEASE=${RELEASE:-bullseye} # Don't forget to update stage0/prerun.sh export WPA_ESSID export WPA_PASSWORD export WPA_COUNTRY @@ -276,6 +283,10 @@ fi export NO_PRERUN_QCOW2="${NO_PRERUN_QCOW2:-1}" +if [ "$SETFCAP" != "1" ]; then + export CAPSH_ARG="--drop=cap_setfcap" +fi + dependencies_check "${BASE_DIR}/depends" #check username is valid 
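Review bot: In the `@@ -276,6 +283,10 @@` hunk `CAPSH_ARG` is assigned only when `SETFCAP` is not `1`, so with `SETFCAP=1` any `CAPSH_ARG` already present in the caller's environment reaches the unquoted `capsh $CAPSH_ARG` calls this patch introduces in scripts/common. Give it a defined value in both cases, for example `CAPSH_ARG=""` before the `if` and `export CAPSH_ARG` after it. A one-line comment stating that `SETFCAP=1` keeps `cap_setfcap` for the bootstrap and chroot steps would help, since the hunk does not say what the switch is for.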
@@ -284,6 +295,17 @@ if [[ ! "$FIRST_USER_NAME" =~ ^[a-z][-a-z0-9_]*$ ]]; then exit 1 fi +if [[ "$DISABLE_FIRST_BOOT_USER_RENAME" == "1" ]] && [ -z "${FIRST_USER_PASS}" ]; then + echo "To disable user rename on first boot, FIRST_USER_PASS needs to be set" + echo "Not setting FIRST_USER_PASS makes your system vulnerable and open to cyberattacks" + exit 1 +fi + +if [[ "$DISABLE_FIRST_BOOT_USER_RENAME" == "1" ]]; then + echo "User rename on the first boot is disabled" + echo "Be advised of the security risks linked to shipping a device with default username/password set." +fi + if [[ -n "${APT_PROXY}" ]] && ! curl --silent "${APT_PROXY}" >/dev/null ; then echo "Could not reach APT_PROXY server: ${APT_PROXY}" exit 1 @@ -381,7 +403,7 @@ for EXPORT_DIR in ${EXPORT_DIRS}; do else run_stage - fi + fi if [ "${USE_QEMU}" != "1" ]; then if [ -e "${EXPORT_DIR}/EXPORT_NOOBS" ]; then # shellcheck source=/dev/null diff --git a/config b/config index c51f746..a8079b3 100644 --- a/config +++ b/config @@ -2,3 +2,5 @@ IMG_NAME='PiSDR' ENABLE_SSH=1 TARGET_HOSTNAME='pisdr' FIRST_USER_PASS='raspberry' +DEPLOY_COMPRESSION='xz' +COMPRESSION_LEVEL=9 \ No newline at end of file diff --git a/depends b/depends index eeb2490..db88171 100644 --- a/depends +++ b/depends @@ -19,3 +19,5 @@ lsmod:kmod bc qemu-nbd:qemu-utils kpartx +gpg +pigz diff --git a/export-image/01-user-rename/00-packages b/export-image/01-user-rename/00-packages new file mode 100644 index 0000000..e8b69fc --- /dev/null +++ b/export-image/01-user-rename/00-packages @@ -0,0 +1 @@ +userconf-pi diff --git a/export-image/01-user-rename/01-run.sh b/export-image/01-user-rename/01-run.sh new file mode 100755 index 0000000..aa5dd94 --- /dev/null +++ b/export-image/01-user-rename/01-run.sh @@ -0,0 +1,9 @@ +#!/bin/bash -e + +if [[ "${DISABLE_FIRST_BOOT_USER_RENAME}" == "0" ]]; then + on_chroot <<- EOF + SUDO_USER="${FIRST_USER_NAME}" rename-user -f -s + EOF +else + rm -f "${ROOTFS_DIR}/etc/xdg/autostart/piwiz.desktop" +fi 
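Review bot: The new guard in the `@@ -284,6 +295,17 @@` hunk only tests that `FIRST_USER_PASS` is non-empty, so a build with `DISABLE_FIRST_BOOT_USER_RENAME=1` and the well-known value `raspberry` (which the `config` file in this patch still carries) passes the check and ships a fixed credential. Consider rejecting that default in the same condition, e.g. `[ "${FIRST_USER_PASS}" = "raspberry" ]`, or at least warning on it. Both message blocks are written to stdout; adding `1>&2` to each `echo` keeps them visible when the build output is redirected.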
diff --git a/export-image/01-set-sources/01-run.sh b/export-image/02-set-sources/01-run.sh similarity index 100% rename from export-image/01-set-sources/01-run.sh rename to export-image/02-set-sources/01-run.sh diff --git a/export-image/02-network/01-run.sh b/export-image/03-network/01-run.sh similarity index 100% rename from export-image/02-network/01-run.sh rename to export-image/03-network/01-run.sh diff --git a/export-image/02-network/files/resolv.conf b/export-image/03-network/files/resolv.conf similarity index 100% rename from export-image/02-network/files/resolv.conf rename to export-image/03-network/files/resolv.conf diff --git a/export-image/03-set-partuuid/00-run.sh b/export-image/04-set-partuuid/00-run.sh similarity index 100% rename from export-image/03-set-partuuid/00-run.sh rename to export-image/04-set-partuuid/00-run.sh diff --git a/export-image/04-finalise/01-run.sh b/export-image/05-finalise/01-run.sh similarity index 78% rename from export-image/04-finalise/01-run.sh rename to export-image/05-finalise/01-run.sh index 3e72c0c..c104366 100755 --- a/export-image/04-finalise/01-run.sh +++ b/export-image/05-finalise/01-run.sh @@ -18,6 +18,12 @@ fi rm -f "${ROOTFS_DIR}/usr/bin/qemu-arm-static" +if [ "${USE_QEMU}" != "1" ]; then + if [ -e "${ROOTFS_DIR}/etc/ld.so.preload.disabled" ]; then + mv "${ROOTFS_DIR}/etc/ld.so.preload.disabled" "${ROOTFS_DIR}/etc/ld.so.preload" + fi +fi + rm -f "${ROOTFS_DIR}/etc/network/interfaces.dpkg-old" rm -f "${ROOTFS_DIR}/etc/apt/sources.list~" @@ -72,9 +78,8 @@ cp "$ROOTFS_DIR/etc/rpi-issue" "$INFO_FILE" mkdir -p "${DEPLOY_DIR}" -rm -f "${DEPLOY_DIR}/${ZIP_FILENAME}${IMG_SUFFIX}.zip" +rm -f "${DEPLOY_DIR}/${ARCHIVE_FILENAME}${IMG_SUFFIX}.*" rm -f "${DEPLOY_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.img" -rm -f "${DEPLOY_DIR}/${ZIP_FILENAME}${IMG_SUFFIX}.img.xz" mv "$INFO_FILE" "$DEPLOY_DIR/" 
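Review bot: In the `@@ -72,9 +78,8 @@` hunk the `.*` in `rm -f "${DEPLOY_DIR}/${ARCHIVE_FILENAME}${IMG_SUFFIX}.*"` sits inside the double quotes, so the shell never globs it. `rm -f` then quietly targets a file whose name literally ends in `.*`, and archives left by an earlier run with a different `DEPLOY_COMPRESSION` stay in the deploy directory. Move the pattern outside the quotes: `rm -f "${DEPLOY_DIR}/${ARCHIVE_FILENAME}${IMG_SUFFIX}".*`.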
@@ -90,11 +95,22 @@ else make_bootable_image "${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.qcow2" "$IMG_FILE" fi -if [ "${DEPLOY_ZIP}" == "1" ]; then +case "${DEPLOY_COMPRESSION}" in +zip) pushd "${STAGE_WORK_DIR}" > /dev/null - xz -T16 -c "$(basename "${IMG_FILE}")" > "${DEPLOY_DIR}/${ZIP_FILENAME}${IMG_SUFFIX}.img.xz" + zip -"${COMPRESSION_LEVEL}" \ + "${DEPLOY_DIR}/${ARCHIVE_FILENAME}${IMG_SUFFIX}.zip" "$(basename "${IMG_FILE}")" popd > /dev/null - rm -f "${DEPLOY_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.img" -else - mv "$IMG_FILE" "$DEPLOY_DIR/" -fi + ;; +gz) + pigz --force -"${COMPRESSION_LEVEL}" "$IMG_FILE" --stdout > \ + "${DEPLOY_DIR}/${ARCHIVE_FILENAME}${IMG_SUFFIX}.img.gz" + ;; +xz) + xz --compress --force --threads 0 --memlimit-compress=50% -"${COMPRESSION_LEVEL}" \ + --stdout "$IMG_FILE" > "${DEPLOY_DIR}/${ARCHIVE_FILENAME}${IMG_SUFFIX}.img.xz" + ;; +none | *) + cp "$IMG_FILE" "$DEPLOY_DIR/" +;; +esac diff --git a/export-image/prerun.sh b/export-image/prerun.sh index fad7f80..267bbe0 100755 --- a/export-image/prerun.sh +++ b/export-image/prerun.sh 
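Review bot: The `none | *)` arm makes any unrecognised `DEPLOY_COMPRESSION` value (a typo, for instance) behave like `none` without a message. `COMPRESSION_LEVEL` is also handed to `zip`, `pigz` and `xz` as `-"${COMPRESSION_LEVEL}"` with no check that it is a digit. Split the default arm so that `*)` prints an error to stderr and exits non-zero, and validate the level once, e.g. `[[ "${COMPRESSION_LEVEL}" =~ ^[0-9]$ ]] || exit 1`, preferably in build.sh where both variables receive their defaults. The uncompressed path also changed from `mv` to `cp`, which leaves a second full-size image in the work directory; a comment should say whether that is intended.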
@@ -33,49 +33,29 @@ if [ "${NO_PRERUN_QCOW2}" = "0" ]; then parted --script "${IMG_FILE}" unit B mkpart primary fat32 "${BOOT_PART_START}" "$((BOOT_PART_START + BOOT_PART_SIZE - 1))" parted --script "${IMG_FILE}" unit B mkpart primary ext4 "${ROOT_PART_START}" "$((ROOT_PART_START + ROOT_PART_SIZE - 1))" - PARTED_OUT=$(parted -sm "${IMG_FILE}" unit b print) - BOOT_OFFSET=$(echo "$PARTED_OUT" | grep -e '^1:' | cut -d':' -f 2 | tr -d B) - BOOT_LENGTH=$(echo "$PARTED_OUT" | grep -e '^1:' | cut -d':' -f 4 | tr -d B) - - ROOT_OFFSET=$(echo "$PARTED_OUT" | grep -e '^2:' | cut -d':' -f 2 | tr -d B) - ROOT_LENGTH=$(echo "$PARTED_OUT" | grep -e '^2:' | cut -d':' -f 4 | tr -d B) - - echo "Mounting BOOT_DEV..." - cnt=0 - until BOOT_DEV=$(losetup --show -f -o "${BOOT_OFFSET}" --sizelimit "${BOOT_LENGTH}" "${IMG_FILE}"); do - if [ $cnt -lt 5 ]; then - cnt=$((cnt + 1)) - echo "Error in losetup for BOOT_DEV. Retrying..." - sleep 5 - else - echo "ERROR: losetup for BOOT_DEV failed; exiting" - exit 1 - fi - done - - echo "Mounting ROOT_DEV..." + echo "Creating loop device..." cnt=0 - until ROOT_DEV=$(losetup --show -f -o "${ROOT_OFFSET}" --sizelimit "${ROOT_LENGTH}" "${IMG_FILE}"); do + until ensure_next_loopdev && LOOP_DEV="$(losetup --show --find --partscan "$IMG_FILE")"; do if [ $cnt -lt 5 ]; then cnt=$((cnt + 1)) - echo "Error in losetup for ROOT_DEV. Retrying..." + echo "Error in losetup. Retrying..." 
sleep 5 else - echo "ERROR: losetup for ROOT_DEV failed; exiting" + echo "ERROR: losetup failed; exiting" exit 1 fi done - echo "/boot: offset $BOOT_OFFSET, length $BOOT_LENGTH" - echo "/: offset $ROOT_OFFSET, length $ROOT_LENGTH" + BOOT_DEV="${LOOP_DEV}p1" + ROOT_DEV="${LOOP_DEV}p2" ROOT_FEATURES="^huge_file" - for FEATURE in metadata_csum 64bit; do + for FEATURE in 64bit; do if grep -q "$FEATURE" /etc/mke2fs.conf; then ROOT_FEATURES="^$FEATURE,$ROOT_FEATURES" fi done - mkdosfs -n boot -F 32 -v "$BOOT_DEV" > /dev/null + mkdosfs -n bootfs -F 32 -s 4 -v "$BOOT_DEV" > /dev/null mkfs.ext4 -L rootfs -O "$ROOT_FEATURES" "$ROOT_DEV" > /dev/null mount -v "$ROOT_DEV" "${ROOTFS_DIR}" -t ext4 diff --git a/scripts/common b/scripts/common index fe64e74..8c54c45 100644 --- a/scripts/common +++ b/scripts/common @@ -7,21 +7,18 @@ bootstrap(){ local BOOTSTRAP_CMD=debootstrap local BOOTSTRAP_ARGS=() - #export http_proxy=${APT_PROXY} - - if [ "$(dpkg --print-architecture)" != "armhf" ] && [ "$(dpkg --print-architecture)" != "aarch64" ]; then - BOOTSTRAP_CMD=qemu-debootstrap - fi + export http_proxy=${APT_PROXY} BOOTSTRAP_ARGS+=(--arch arm64) BOOTSTRAP_ARGS+=(--include gnupg) BOOTSTRAP_ARGS+=(--components "main,contrib,non-free") #BOOTSTRAP_ARGS+=(--keyring "${STAGE_DIR}/files/raspberrypi.gpg") BOOTSTRAP_ARGS+=(--exclude=info) + BOOTSTRAP_ARGS+=(--include=ca-certificates) BOOTSTRAP_ARGS+=("$@") printf -v BOOTSTRAP_STR '%q ' "${BOOTSTRAP_ARGS[@]}" - capsh --drop=cap_setfcap -- -c "'${BOOTSTRAP_CMD}' $BOOTSTRAP_STR" || true + capsh $CAPSH_ARG -- -c "'${BOOTSTRAP_CMD}' $BOOTSTRAP_STR" || true if [ -d "$2/debootstrap" ] && ! rmdir "$2/debootstrap"; then cp "$2/debootstrap/debootstrap.log" "${STAGE_WORK_DIR}" 
@@ -61,19 +58,15 @@ export -f unmount unmount_image(){ sync sleep 1 - local LOOP_DEVICES - LOOP_DEVICES=$(losetup --list | grep "$(basename "${1}")" | cut -f1 -d' ') - for LOOP_DEV in ${LOOP_DEVICES}; do - if [ -n "${LOOP_DEV}" ]; then - local MOUNTED_DIR - MOUNTED_DIR=$(mount | grep "$(basename "${LOOP_DEV}")" | head -n 1 | cut -f 3 -d ' ') - if [ -n "${MOUNTED_DIR}" ] && [ "${MOUNTED_DIR}" != "/" ]; then - unmount "$(dirname "${MOUNTED_DIR}")" + LOOP_DEVICE=$(losetup --list | grep "$1" | cut -f1 -d' ') + if [ -n "$LOOP_DEVICE" ]; then + for part in "$LOOP_DEVICE"p*; do + if DIR=$(findmnt -n -o target -S "$part"); then + unmount "$DIR" fi - sleep 1 - losetup -d "${LOOP_DEV}" - fi - done + done + losetup -d "$LOOP_DEVICE" + fi } export -f unmount_image @@ -94,7 +87,15 @@ on_chroot() { mount --bind /sys "${ROOTFS_DIR}/sys" fi - capsh --drop=cap_setfcap "--chroot=${ROOTFS_DIR}/" -- -e "$@" + if ! mount | grep -q "$(realpath "${ROOTFS_DIR}"/run)"; then + mount -t tmpfs tmpfs "${ROOTFS_DIR}/run" + fi + + if ! mount | grep -q "$(realpath "${ROOTFS_DIR}"/tmp)"; then + mount -t tmpfs tmpfs "${ROOTFS_DIR}/tmp" + fi + + capsh $CAPSH_ARG "--chroot=${ROOTFS_DIR}/" -- -e "$@" } export -f on_chroot @@ -102,3 +103,11 @@ update_issue() { echo -e "Raspberry Pi reference ${IMG_DATE}\nGenerated using ${PI_GEN}, ${PI_GEN_REPO}, ${GIT_HASH}, ${1}" > "${ROOTFS_DIR}/etc/rpi-issue" } export -f update_issue + +ensure_next_loopdev() { + local loopdev + loopdev="$(losetup -f)" + loopmaj="$(echo "$loopdev" | sed -E 's/.*[^0-9]*?([0-9]+)$/\1/')" + [[ -b "$loopdev" ]] || mknod "$loopdev" b 7 "$loopmaj" +} +export -f ensure_next_loopdev diff --git a/scripts/qcow2_handling b/scripts/qcow2_handling index 6b2a56b..66708e7 100644 --- a/scripts/qcow2_handling +++ b/scripts/qcow2_handling 
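Review bot: In `unmount_image` the rewritten lookup `losetup --list | grep "$1" | cut -f1 -d' '` treats the image path as a regular expression and matches substrings, so it can return several devices, or one that belongs to a different image whose path contains this one. The result is then used as a single word in `"$LOOP_DEVICE"p*` and `losetup -d`. `LOOP_DEVICE` and `DIR` also lost their `local` declarations, so they now persist in the calling shell. Ask losetup for the devices associated with exactly this file and iterate over them, as sketched below.

```shell
unmount_image(){
	# … unchanged: sync; sleep 1 …
	local loop_device part dir
	while IFS= read -r loop_device; do
		[ -n "$loop_device" ] || continue
		for part in "$loop_device"p*; do
			if dir=$(findmnt -n -o target -S "$part"); then
				unmount "$dir"
			fi
		done
		losetup -d "$loop_device"
	done < <(losetup --noheadings --output NAME --associated "$1")
}
```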
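Review bot: In `ensure_next_loopdev` the sed expression `s/.*[^0-9]*?([0-9]+)$/\1/` lets the greedy `.*` consume every digit except the last. For `/dev/loop12` it yields `2`, and `mknod` would then create `/dev/loop12` with minor 2, a second name for the device behind `/dev/loop2`. The value is the minor number rather than the major, and `loopmaj` is not declared `local`. Parameter expansion avoids all three problems: `local loopdev loopmin`, `loopmin="${loopdev##*[!0-9]}"`, `[[ -b "$loopdev" ]] || mknod "$loopdev" b 7 "$loopmin"`.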
@@ -109,8 +109,8 @@ load_qimage() { EOF sync kpartx -as $NBD_DEV - mkdosfs -n boot -F 32 -v $MAP_BOOT_DEV - mkfs.ext4 -L rootfs -O "^huge_file,^metadata_csum,^64bit" $MAP_ROOT_DEV + mkdosfs -n boot -F 32 -s 4 -v $MAP_BOOT_DEV + mkfs.ext4 -L rootfs -O "^huge_file,^64bit" $MAP_ROOT_DEV sync else if [ ! -f "${WORK_DIR}/image-${PREV_STAGE}.qcow2" ]; then diff --git a/stage0/00-configure-apt/00-run.sh b/stage0/00-configure-apt/00-run.sh index 651d154..c962c35 100755 --- a/stage0/00-configure-apt/00-run.sh +++ b/stage0/00-configure-apt/00-run.sh @@ -12,7 +12,8 @@ else rm -f "${ROOTFS_DIR}/etc/apt/apt.conf.d/51cache" fi -on_chroot apt-key add - < files/raspberrypi.gpg.key +cat files/raspberrypi.gpg.key | gpg --dearmor > "${STAGE_WORK_DIR}/raspberrypi-archive-stable.gpg" +install -m 644 "${STAGE_WORK_DIR}/raspberrypi-archive-stable.gpg" "${ROOTFS_DIR}/etc/apt/trusted.gpg.d/" on_chroot << EOF dpkg --add-architecture armhf apt-get update diff --git a/stage0/00-configure-apt/01-packages b/stage0/00-configure-apt/01-packages new file mode 100644 index 0000000..f5e3789 --- /dev/null +++ b/stage0/00-configure-apt/01-packages @@ -0,0 +1 @@ +raspberrypi-archive-keyring diff --git a/stage0/02-firmware/01-packages b/stage0/02-firmware/01-packages index 127bf36..b166aa8 100644 --- a/stage0/02-firmware/01-packages +++ b/stage0/02-firmware/01-packages @@ -1,3 +1,2 @@ raspberrypi-bootloader raspberrypi-kernel -raspi-config diff --git a/stage0/prerun.sh b/stage0/prerun.sh index e001309..e4f85f1 100755 --- a/stage0/prerun.sh +++ b/stage0/prerun.sh @@ -1,5 +1,10 @@ #!/bin/bash -e +if [ "$RELEASE" != "bullseye" ]; then + echo "WARNING: RELEASE does not match the intended option for this branch." + echo " Please check the relevant README.md section." +fi + if [ ! -d "${ROOTFS_DIR}" ] || [ "${USE_QCOW2}" = "1" ]; then bootstrap ${RELEASE} "${ROOTFS_DIR}" http://deb.debian.org/debian/ fi 
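Review bot: In the stage0/00-configure-apt/00-run.sh hunk the dearmored key is installed into `/etc/apt/trusted.gpg.d/`, which makes apt accept it for every configured source, the Debian mirror included, not only for the Raspberry Pi archive. If the sources entry is written by this repository (not visible in the hunk), scope the key with a `signed-by=` option pointing at a keyring kept outside `trusted.gpg.d`. Reading the key with `gpg --dearmor < files/raspberrypi.gpg.key` instead of `cat … |` would also make a missing key file fail at the redirection, presumably aborting the script if it runs with `-e` like the other stage scripts in this patch, rather than handing gpg an empty stream.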
diff --git a/stage1/01-sys-tweaks/00-packages b/stage1/01-sys-tweaks/00-packages new file mode 100644 index 0000000..9e91ea1 --- /dev/null +++ b/stage1/01-sys-tweaks/00-packages @@ -0,0 +1 @@ +raspi-config diff --git a/stage1/01-sys-tweaks/00-run.sh b/stage1/01-sys-tweaks/00-run.sh index 9c380ec..0f761bd 100755 --- a/stage1/01-sys-tweaks/00-run.sh +++ b/stage1/01-sys-tweaks/00-run.sh @@ -8,7 +8,10 @@ on_chroot << EOF if ! id -u ${FIRST_USER_NAME} >/dev/null 2>&1; then adduser --disabled-password --gecos "" ${FIRST_USER_NAME} fi -echo "${FIRST_USER_NAME}:${FIRST_USER_PASS}" | chpasswd + +if [ -n "${FIRST_USER_PASS}" ]; then + echo "${FIRST_USER_NAME}:${FIRST_USER_PASS}" | chpasswd +fi echo "root:root" | chpasswd EOF diff --git a/stage1/03-install-packages/00-packages b/stage1/03-install-packages/00-packages index 73edcc9..a3d2fb6 100644 --- a/stage1/03-install-packages/00-packages +++ b/stage1/03-install-packages/00-packages @@ -1 +1,2 @@ libraspberrypi-bin libraspberrypi0 +systemd-timesyncd diff --git a/stage2/00-copies-and-fills/01-packages b/stage2/00-copies-and-fills/01-packages deleted file mode 100644 index 283c290..0000000 --- a/stage2/00-copies-and-fills/01-packages +++ /dev/null @@ -1 +0,0 @@ -raspi-copies-and-fills diff --git a/stage2/00-copies-and-fills/02-run.sh b/stage2/00-copies-and-fills/02-run.sh deleted file mode 100755 index 366ac24..0000000 --- a/stage2/00-copies-and-fills/02-run.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -e - -if [ -f "${ROOTFS_DIR}/etc/ld.so.preload" ]; then - mv "${ROOTFS_DIR}/etc/ld.so.preload" "${ROOTFS_DIR}/etc/ld.so.preload.disabled" -fi - diff --git a/stage2/01-sys-tweaks/00-packages b/stage2/01-sys-tweaks/00-packages index 55f8451..6138c6d 100644 --- a/stage2/01-sys-tweaks/00-packages +++ b/stage2/01-sys-tweaks/00-packages 
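Review bot: The heredoc in stage1/01-sys-tweaks/00-run.sh still ends with `echo "root:root" | chpasswd`, so while this hunk makes the first user's password optional, every image keeps a fixed, publicly known root password. Lock the account instead, e.g. `passwd -l root`, unless something outside this hunk depends on a root password login. `${FIRST_USER_PASS}` is also expanded by the outer shell into double-quoted heredoc text, so a password containing `"`, `$` or a backtick is re-interpreted by the shell inside the chroot. Escape it with `printf -v … '%q'` before interpolating and drop the surrounding quotes, the way `bootstrap` in scripts/common already prepares its arguments.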
@@ -1,5 +1,5 @@ ssh less fbset sudo psmisc strace ed ncdu crda -console-setup keyboard-configuration debconf-utils parted unzip +console-setup keyboard-configuration debconf-utils parted build-essential manpages-dev bash-completion gdb pkg-config python-is-python3 python3-rpi.gpio v4l-utils @@ -30,3 +30,7 @@ ntfs-3g pciutils rpi-eeprom raspinfo +udisks2 +unzip zip p7zip-full +file +kms++-utils diff --git a/stage2/01-sys-tweaks/00-patches/07-resize-init.diff b/stage2/01-sys-tweaks/00-patches/07-resize-init.diff index cb160ae..dfc01d4 100644 --- a/stage2/01-sys-tweaks/00-patches/07-resize-init.diff +++ b/stage2/01-sys-tweaks/00-patches/07-resize-init.diff @@ -2,4 +2,4 @@ +++ stage2/rootfs/boot/cmdline.txt @@ -1 +1 @@ -console=serial0,115200 console=tty1 root=ROOTDEV rootfstype=ext4 fsck.repair=yes rootwait -+console=serial0,115200 console=tty1 root=ROOTDEV rootfstype=ext4 fsck.repair=yes rootwait quiet init=/usr/lib/raspi-config/init_resize.sh ++console=serial0,115200 console=tty1 root=ROOTDEV rootfstype=ext4 fsck.repair=yes rootwait quiet init=/usr/lib/raspberrypi-sys-mods/firstboot diff --git a/stage2/01-sys-tweaks/01-run.sh b/stage2/01-sys-tweaks/01-run.sh index 4a757a1..294a0ec 100755 --- a/stage2/01-sys-tweaks/01-run.sh +++ b/stage2/01-sys-tweaks/01-run.sh @@ -24,8 +24,6 @@ s/^#?[[:blank:]]*PasswordAuthentication[[:blank:]]*yes[[:blank:]]*$/PasswordAuth fi on_chroot << EOF -gcc -march=native -Q --help=target -echo "++++++++++++++++++++++++++++++++++++" systemctl disable hwclock.sh systemctl disable nfs-common systemctl disable rpcbind @@ -54,11 +52,15 @@ on_chroot <> "${ROOTFS_DIR}/etc/wpa_supplicant/wpa_supplicant.conf" + on_chroot <<- EOF + SUDO_USER="${FIRST_USER_NAME}" raspi-config nonint do_wifi_country "${WPA_COUNTRY}" + EOF fi if [ -v WPA_ESSID ] && [ -v WPA_PASSWORD ]; then diff --git a/stage3/00-install-packages/00-packages b/stage3/00-install-packages/00-packages index 322d338..c88cf4c 100644 --- a/stage3/00-install-packages/00-packages 
+++ b/stage3/00-install-packages/00-packages @@ -12,4 +12,4 @@ fonts-liberation2 obconf arandr libcamera-tools -libcamera-apps \ No newline at end of file +libcamera-apps diff --git a/stage3/00-install-packages/00-packages-nr b/stage3/00-install-packages/00-packages-nr index f8bff31..8c16b40 100644 --- a/stage3/00-install-packages/00-packages-nr +++ b/stage3/00-install-packages/00-packages-nr @@ -4,3 +4,4 @@ lxde lxtask menu-xdg zenity xdg-utils gvfs-backends gvfs-fuse lightdm gnome-themes-standard gnome-icon-theme +gnome-keyring diff --git a/stage4/00-install-packages/00-packages b/stage4/00-install-packages/00-packages index e76d411..7854596 100644 --- a/stage4/00-install-packages/00-packages +++ b/stage4/00-install-packages/00-packages @@ -23,3 +23,5 @@ piwiz rp-prefapps ffmpeg vlc +rpi-imager +rpi-wayland