freedombone-image-customise 10KB

  1. #!/bin/bash
  2. #
  3. # .---. . .
  4. # | | |
  5. # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
  6. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
  7. # ' ' --' --' -' - -' ' ' -' -' -' ' - --'
  8. #
  9. # Freedom in the Cloud
  10. #
  11. # Based on bin/freedombox-customize from freedom-maker
  12. #
  13. # License
  14. # =======
  15. #
  16. # This program is free software: you can redistribute it and/or modify
  17. # it under the terms of the GNU General Public License as published by
  18. # the Free Software Foundation, either version 3 of the License, or
  19. # (at your option) any later version.
  20. #
  21. # This program is distributed in the hope that it will be useful,
  22. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  23. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  24. # GNU General Public License for more details.
  25. #
  26. # You should have received a copy of the GNU General Public License
  27. # along with this program. If not, see <http://www.gnu.org/licenses/>.
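  # Abort the build on the first command that fails.
  set -e

  # ---- Build-time defaults -------------------------------------------------
  PROJECT_NAME='freedombone'

  # Initial account created inside the image. The password is a fixed,
  # publicly known default that is identical in every image built from this
  # script; it only stays safe if it is changed at first login.
  MY_USERNAME='debian'
  MY_PASSWORD='freedombone'

  # IP address of the router (gateway)
  ROUTER_IP_ADDRESS="192.168.1.254"

  # The fixed IP address of the Beaglebone Black on your local network
  BOX_IP_ADDRESS="192.168.1.55"

  # DNS
  NAMESERVER1='213.73.91.35'
  NAMESERVER2='85.214.20.141'

  # optional configuration file containing freedombone settings
  CONFIG_FILENAME=

  # Optional ssh public key to allow ("no" means none is installed and
  # password logins over ssh stay enabled)
  SSH_PUBKEY="no"

  # Whether this is a generic image for mass redistribution on the interwebs
  GENERIC_IMAGE="no"

  # Trace every command from here on. xtrace is switched on only after the
  # assignments above so that the MY_PASSWORD assignment is not itself copied
  # into the build log; later commands that handle the password are still
  # traced unless they turn xtrace off around themselves.
  set -x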
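  #######################################
  # Install eatmydata inside the image and make apt call dpkg through it.
  # eatmydata turns fsync-style calls into no-ops, which speeds up package
  # installation during the build.
  #
  # The wrapper lives in /var/tmp of the image, a world-writable directory,
  # and apt runs it as root for as long as the override is active;
  # disable_eatmydata_override removes both files again.
  #
  # Globals:   rootdir (read) - root directory of the image
  # Outputs:   info/error messages on stdout
  # Returns:   0 also when eatmydata is unavailable (best effort); non-zero
  #            only if one of the commands itself fails
  #######################################
  enable_eatmydata_override() {
    local wrapper="$rootdir/var/tmp/dpkg-eatmydata"
    local apt_conf="$rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata"

    chroot "$rootdir" apt-get install --no-install-recommends -y eatmydata

    if [ ! -x "$rootdir/usr/bin/eatmydata" ]; then
      echo "error: unable to find /usr/bin/eatmydata after installing the eatmydata package"
      return 0
    fi

    # The original reported "unable to find eatmydata" in this case as well,
    # although the binary is present and only the override already exists.
    if [ -f "$apt_conf" ]; then
      echo "info: apt config to call dpkg via eatmydata already present"
      return 0
    fi

    echo "info: Adding apt config to call dpkg via eatmydata"
    # '%s' keeps the wrapper text out of the printf format string.
    printf '%s\n' '#!/bin/sh' 'exec eatmydata dpkg "$@"' > "$wrapper"
    chmod 755 "$wrapper"
    printf '%s\n' 'Dir::Bin::dpkg "/var/tmp/dpkg-eatmydata";' > "$apt_conf"
  }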
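  #######################################
  # Remove the apt override and the dpkg wrapper that
  # enable_eatmydata_override placed in the image, so that neither ships in
  # the finished image.
  #
  # Globals:   rootdir (read) - root directory of the image
  # Outputs:   info/warning messages on stdout
  # Returns:   0; a file that is already missing only produces a warning
  #######################################
  disable_eatmydata_override() {
    local relpath
    for relpath in \
      /etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata \
      /var/tmp/dpkg-eatmydata; do
      echo "info: Removing apt config to call dpkg via eatmydata"
      # Quoted so a rootdir containing spaces cannot split into several
      # arguments to rm.
      if [ -f "$rootdir$relpath" ]; then
        rm -f -- "$rootdir$relpath"
      else
        echo "warning: missing $rootdir$relpath"
      fi
    done
    sync # Flush file buffers before continuing
  }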
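  #######################################
  # Write etc/apt/sources.list for the image.
  # The path is relative: the caller must already have changed directory
  # into the image root.
  #
  # The security.debian.org entries are written commented out, so an image
  # using this list does not pull from the Debian security archive until they
  # are enabled. NOTE(review): confirm whether a later setup step adds them.
  #
  # Globals:   SUITE (read); NEW_MIRROR, COMPONENTS (written, as before)
  # Arguments: $1 - mirror URL
  # Returns:   0 on success, 1 if no mirror was given
  #######################################
  set_apt_sources() {
    NEW_MIRROR="$1"
    COMPONENTS="main"

    # An empty mirror used to produce "deb  <suite> main", which only failed
    # later at apt-get update; refuse it here instead.
    if [ -z "$NEW_MIRROR" ]; then
      echo "error: set_apt_sources called without a mirror URL" >&2
      return 1
    fi

    printf '%s\n' \
      "deb $NEW_MIRROR $SUITE $COMPONENTS" \
      "deb-src $NEW_MIRROR $SUITE $COMPONENTS" \
      "#deb http://security.debian.org/ $SUITE/updates main" \
      "#deb-src http://security.debian.org/ $SUITE/updates main" \
      > etc/apt/sources.list
  }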
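  #######################################
  # Write the image's static network configuration, give eth0 a randomly
  # generated MAC address, point resolv.conf at the configured nameservers
  # and install a motd with the remaining install instructions.
  #
  # Globals:   rootdir, BOX_IP_ADDRESS, ROUTER_IP_ADDRESS, NAMESERVER1,
  #            NAMESERVER2 (all read)
  # Outputs:   none; rewrites etc/network/interfaces, etc/resolv.conf and
  #            etc/motd below rootdir
  #######################################
  configure_networking() {
    local interfaces="$rootdir/etc/network/interfaces"
    local resolv_conf="$rootdir/etc/resolv.conf"
    # Locals, so the single-letter octet names do not leak into the rest of
    # the script.
    local -a hexarray=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )
    local a b c d e

    cat > "$interfaces" <<EOF
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address $BOX_IP_ADDRESS
netmask 255.255.255.0
gateway $ROUTER_IP_ADDRESS
dns-nameservers $NAMESERVER1 $NAMESERVER2
# Example to keep MAC address between reboots
#hwaddress ether B5:A2:BE:3F:1A:FE
# The secondary network interface
#auto eth1
#iface eth1 inet dhcp
# WiFi Example
#auto wlan0
#iface wlan0 inet dhcp
# wpa-ssid "essid"
# wpa-psk "password"
# Ethernet/RNDIS gadget (g_ether)
# ... or on host side, usbnet and random hwaddr
# Note on some boards, usb0 is automaticly setup with an init script
#iface usb0 inet static
# address 192.168.7.2
# netmask 255.255.255.0
# network 192.168.7.0
# gateway 192.168.7.1
EOF

    # Five random octets behind a fixed first octet. 0xde has the
    # locally-administered bit set and the multicast bit clear, so the
    # result is a valid private unicast MAC. $RANDOM is adequate here: the
    # address is an identifier, not a secret.
    a=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
    b=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
    c=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
    d=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
    e=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
    sed -i "s|#hwaddress ether.*|hwaddress ether de:$a:$b:$c:$d:$e|g" \
      "$interfaces"

    # Replace every existing nameserver entry with the first resolver, then
    # add the second one after it. A resolv.conf that has no nameserver line
    # at all is left unchanged by these two commands.
    sed -i "s/nameserver.*/nameserver $NAMESERVER1/g" "$resolv_conf"
    sed -i "/nameserver $NAMESERVER1/a\nameserver $NAMESERVER2" "$resolv_conf"

    # change the motd to show further install instructions
    cat > "$rootdir/etc/motd" <<'EOF'

.---. . .
| | |
|--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
| | (.-' (.-' ( | ( )| | | | )( )| | (.-'
' ' --' --' -' - -' ' ' -' -' -' ' - --'
Initial base install
Your system is not yet installed. To complete the process run the
following commands, then enter your details.
sudo su
freedombone menuconfig

EOF
  }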
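  #######################################
  # Move sshd to port 2222 and, when a public key is configured, install it
  # for the initial user and switch password logins off.
  #
  # When SSH_PUBKEY is "no", password authentication is left as the image
  # has it, so the account's default password remains usable over ssh until
  # it is changed.
  #
  # Globals:   rootdir, MY_USERNAME, SSH_PUBKEY (all read)
  # Outputs:   the installed key and a confirmation on stdout
  #######################################
  configure_ssh() {
    local sshd_config="$rootdir/etc/ssh/sshd_config"
    local ssh_dir="$rootdir/home/$MY_USERNAME/.ssh"

    # Anchored, and also matching a commented-out "#Port 22": the unanchored
    # pattern rewrote such a line to "#Port 2222", which is still a comment
    # and leaves sshd on its default port.
    sed -i 's/^[[:space:]]*#\{0,1\}Port .*/Port 2222/' "$sshd_config"

    if [[ "$SSH_PUBKEY" == "no" ]]; then
      return 0
    fi

    if [ ! -d "$ssh_dir" ]; then
      mkdir "$ssh_dir"
    fi
    printf '%s\n' "$SSH_PUBKEY" > "$ssh_dir/authorized_keys"
    # Owner-only permissions, independent of the umask of the build.
    chmod 700 "$ssh_dir"
    chmod 600 "$ssh_dir/authorized_keys"
    chroot "$rootdir" chown -R "$MY_USERNAME:$MY_USERNAME" "/home/$MY_USERNAME/.ssh"

    # Same anchoring as for Port: turning "#PasswordAuthentication yes" into
    # "#PasswordAuthentication no" changes nothing, and the message below
    # would then claim a protection that is not in effect.
    sed -i 's|^[[:space:]]*#\{0,1\}PasswordAuthentication[[:space:]].*|PasswordAuthentication no|' \
      "$sshd_config"
    # No such line in the file at all: add the directive explicitly.
    if ! grep -q '^PasswordAuthentication no' "$sshd_config"; then
      printf '%s\n' 'PasswordAuthentication no' >> "$sshd_config"
    fi
    # NOTE(review): keyboard-interactive (challenge-response) logins are a
    # separate sshd setting that this function does not touch - confirm the
    # image's sshd_config disables them as well.

    echo "Using ssh public key:"
    echo "$SSH_PUBKEY"
    echo 'Password ssh authentication turned off'
  }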
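  #######################################
  # Grant the initial user unrestricted sudo by adding a rule to the image's
  # /etc/sudoers.
  #
  # The rule is written straight into sudoers without a syntax check; a
  # malformed line in that file makes sudo refuse to run.
  #
  # Globals:   rootdir, MY_USERNAME (read)
  #######################################
  admin_user_sudo() {
    local sudoers="$rootdir/etc/sudoers"
    local rule="$MY_USERNAME ALL=(ALL) ALL"

    # Append only when the exact rule is not there yet, so running the
    # customisation twice on one root does not stack duplicate entries.
    # grep's stderr is dropped because a missing file simply means the rule
    # has to be written, as before.
    if ! grep -qxF -- "$rule" "$sudoers" 2>/dev/null; then
      echo "$rule" >> "$sudoers"
    fi
  }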
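  #######################################
  # Prepare a generic, redistributable image: drop any configuration file
  # and install first-login hooks that force a password change.
  # Does nothing when GENERIC_IMAGE is "no".
  #
  # Globals:   rootdir, MY_USERNAME, GENERIC_IMAGE (read);
  #            CONFIG_FILENAME (cleared)
  #######################################
  create_generic_image() {
    local user_home="$rootdir/home/$MY_USERNAME"
    # root's home in the image is /root (the rest of this script also uses
    # $rootdir/root). The original wrote to $rootdir/home/root, so the touch
    # below failed and aborted the build under set -e.
    local root_home="$rootdir/root"

    if [[ "$GENERIC_IMAGE" == "no" ]]; then
      return
    fi

    # Don't install any configuration. This will be a base system
    CONFIG_FILENAME=

    # The presence of this file indicates that the initial
    # setup has not yet been completed
    touch "$user_home/.initial_setup"
    touch "$root_home/.bashrc"

    # Quoted delimiter: the hook text is written literally, nothing in it is
    # expanded at build time.
    cat >> "$user_home/.bashrc" <<'EOF'
# initial setup of the system
if [ -f ~/.initial_setup ]; then
clear
echo '>>> Freedombone system initial setup <<<'
echo ''
echo 'The first thing you need to do is to change your password, otherwise'
echo 'your system will be insecure. Your password should be at least 10'
echo 'characters long and contain letters and numbers. Do this now:'
passwd
rm ~/.initial_setup
sudo su
fi
EOF

    # NOTE(review): this hook tests ~/.initial_setup in root's home, but only
    # the user's marker is created above, so as written it does not fire
    # unless something else creates /root/.initial_setup - confirm intent.
    cat >> "$root_home/.bashrc" <<'EOF'
# initial setup of the system
if [ -f ~/.initial_setup ]; then
freedombone menuconfig
rm ~/.initial_setup
fi
EOF
  }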
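  #######################################
  # If a configuration file exists then run with it, otherwise the
  # interactive installer can be used. This is equivalent to installing
  # freedombox-setup on freedombox.
  #
  # The file is copied to /root/<project>.cfg inside the image and stays
  # there. NOTE(review): if it holds passwords or keys they ship with the
  # image - confirm it is removed before distribution.
  #
  # Globals:   CONFIG_FILENAME, PROJECT_NAME, rootdir (read)
  #######################################
  continue_installation() {
    # Quoted tests: the unquoted "[ $CONFIG_FILENAME ]" broke on a path
    # containing spaces. Names of two characters or fewer are still ignored,
    # as before.
    if [ -n "$CONFIG_FILENAME" ] && [ "${#CONFIG_FILENAME}" -gt 2 ]; then
      cp -- "$CONFIG_FILENAME" "$rootdir/root/$PROJECT_NAME.cfg"
      chroot "$rootdir" "$PROJECT_NAME" -c "/root/$PROJECT_NAME.cfg"
    fi
  }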
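  # Set to true/false to control if eatmydata is used during build
  use_eatmydata=true

  # Positional arguments: $1 is the root directory of the image being
  # customised, $2 the image file name relative to the invoking directory.
  # MACHINE, ARCHITECTURE, BUILD_MIRROR, MIRROR, SUITE and CUSTOM_SETUP are
  # read below but never assigned in this file, so they are expected to come
  # from the caller's environment.
  rootdir="$1"
  fmdir="$(pwd)"
  image="$fmdir"/"$2"

  # Every later path is built as "$rootdir/...". With an empty or wrong
  # rootdir those writes and deletions would land on the build host itself,
  # so stop before anything is touched.
  if [ -z "$rootdir" ] || [ ! -d "$rootdir" ]; then
    echo "error: image root directory '$rootdir' is missing or not a directory" >&2
    exit 1
  fi

  cd "$rootdir"
  echo "info: building $MACHINE for $ARCHITECTURE"

  export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
  export LC_ALL=C LANGUAGE=C LANG=C
  # Override libpam-tmpdir setting during build, as the directories
  # are not created yet.
  export TMP=/tmp/ TMPDIR=/tmp/

  username=$MY_USERNAME
  echo "warning: creating initial user $username with well known password!"
  chroot "$rootdir" adduser --gecos "$username" --disabled-password "$username"

  # xtrace is on for this script; switch it off while the password is
  # handled so it is not copied into the build log, then restore it.
  { set +x; } 2>/dev/null
  password=$MY_PASSWORD
  # printf with '%s' passes the credential through unchanged even if it
  # starts with '-' or contains backslashes, which echo would not guarantee.
  printf '%s:%s\n' "$username" "$password" | chroot "$rootdir" /usr/sbin/chpasswd
  set -x

  chroot "$rootdir" adduser "$username" sudo

  case "$MACHINE" in
    virtualbox|qemu)
      # hide irrelevant console keyboard messages.
      # Written below $rootdir: the original appended to the absolute path
      # /etc/init.d/rc.local, which is the build host's own file and not the
      # one in the image.
      echo "echo \"4 4 1 7\" > /proc/sys/kernel/printk" \
        >> "$rootdir/etc/init.d/rc.local"
      ;;
  esac

  set_apt_sources "$BUILD_MIRROR"
  chroot "$rootdir" apt-get update

  # policy-rc.d exiting 101 ("action forbidden by policy") stops package
  # maintainer scripts from starting services inside the chroot during the
  # build. It is removed again further down.
  printf '%s\n' '#!/bin/sh' 'exit 101' > "$rootdir/usr/sbin/policy-rc.d"
  chmod a+rx "$rootdir/usr/sbin/policy-rc.d"

  if [ "$use_eatmydata" = true ]; then
    enable_eatmydata_override
  fi

  # Optional caller-supplied package, installed as root inside the image.
  # NOTE(review): nothing here checks where that file came from - confirm
  # the caller only passes packages it built or verified itself.
  if [ -n "$CUSTOM_SETUP" ]; then
    cp -- "$CUSTOM_SETUP" "$rootdir"/tmp
    chroot "$rootdir" apt-get install -y gdebi-core
    chroot "$rootdir" gdebi -n /tmp/"$(basename -- "$CUSTOM_SETUP")"
  fi

  chroot "$rootdir" apt-get install -y sudo git dialog build-essential openssh-server
  chroot "$rootdir" apt-get install -y avahi-daemon avahi-utils avahi-discover

  # The default branch is cloned and "make install" runs as root inside the
  # image, without pinning a commit or verifying a signature, so the image
  # contains whatever that branch holds at build time.
  # NOTE(review): for reproducible, reviewable images check out a reviewed
  # commit or a verified signed tag before installing.
  # "set -e" makes the inner shell stop at the first failing step instead of
  # running "make install" in the wrong directory after a failed clone.
  chroot "$rootdir" /bin/bash -x <<'EOF'
set -e
git clone https://github.com/bashrc/freedombone /root/freedombone
cd /root/freedombone
make install
EOF

  # NOTE(review): pipefail is not set, so the status of the two pipelines
  # below is tee's; a failing setup step does not stop the build here.
  chroot "$rootdir" freedombone-image-hardware-setup 2>&1 | \
    tee "$rootdir/var/log/freedombone-image-hardware-setup.log"

  rm -- "$rootdir/usr/sbin/policy-rc.d"

  chroot "$rootdir" /usr/lib/freedombone/setup 2>&1 | \
    tee "$rootdir/var/log/freedombone-setup.log"

  # Remove SSH keys from the image, so that devices flashed from the same
  # image do not all share one host key pair.
  # NOTE(review): presumably new host keys are generated on first boot -
  # confirm, since nothing in this script regenerates them.
  rm "$rootdir"/etc/ssh/ssh_host_* || true

  # Entropy source: the hardware RNG on the beaglebone, haveged elsewhere.
  if [[ "$MACHINE" != "beaglebone" ]]; then
    chroot "$rootdir" apt-get -y install haveged
  else
    chroot "$rootdir" apt-get -y install rng-tools
    sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' \
      "$rootdir/etc/default/rng-tools"
  fi

  # copy u-boot to beginning of image
  case "$MACHINE" in
    beaglebone)
      dd if="$rootdir/usr/lib/u-boot/am335x_boneblack/MLO" of="$image" \
        count=1 seek=1 conv=notrunc bs=128k
      dd if="$rootdir/usr/lib/u-boot/am335x_boneblack/u-boot.img" of="$image" \
        count=2 seek=1 conv=notrunc bs=384k
      ;;
    cubieboard2)
      dd if="$rootdir/usr/lib/u-boot/Cubieboard2/u-boot-sunxi-with-spl.bin" of="$image" \
        seek=8 conv=notrunc bs=1k
      ;;
  esac

  if [ "$use_eatmydata" = true ]; then
    disable_eatmydata_override
  fi

  set_apt_sources "$MIRROR"
  chroot "$rootdir" apt-get update

  configure_ssh
  configure_networking
  admin_user_sudo
  create_generic_image
  continue_installation

  cd /
  echo "info: killing leftover processes in chroot"
  # 2014-11-04 this killed /usr/lib/erlang/erts-6.2/bin/epmd, see
  # <URL: https://www.ejabberd.im/epmd?q=epmd > to learn more.
  # NOTE(review): fuser -m matches every process using the file system that
  # contains the given path. This assumes rootdir is its own mount point; on
  # a plain directory it would also hit processes of the build host.
  fuser -mvk "$rootdir/." || true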