#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# Based on bin/freedombox-customize from freedom-maker
#
# License
# =======
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
# Exit when a command fails (subject to the usual set -e exceptions, e.g.
# only the last stage of a pipeline is checked).
set -e
# Trace every command to stderr with its expanded arguments.
# NOTE(review): the trace includes the value assigned to MY_PASSWORD below
# and any later command that expands it, so build logs carry the credential.
set -x
# Name of the project; also used as the command name and config file name
# by continue_installation.
PROJECT_NAME='freedombone'
# Initial login account created inside the image.
MY_USERNAME='debian'
# NOTE(review): hard-coded, publicly known default password. The script sets
# it with chpasswd, adds the account to the sudo group and to /etc/sudoers,
# and leaves SSH password login enabled unless SSH_PUBKEY is supplied.
# Override per build, or make sure it is changed before the box is reachable.
MY_PASSWORD='freedombone'
# IP address of the router (gateway)
ROUTER_IP_ADDRESS="192.168.1.254"
# The fixed IP address of the Beaglebone Black on your local network
BOX_IP_ADDRESS="192.168.1.55"
# DNS resolvers written into the image by configure_networking
NAMESERVER1='213.73.91.35'
NAMESERVER2='85.214.20.141'
# optional configuration file containing freedombone settings
# (empty means none; continue_installation copies it into the image's /root)
CONFIG_FILENAME=
# Optional ssh public key to allow. The literal value "no" means no key:
# configure_ssh then writes no authorized_keys and keeps password login on.
SSH_PUBKEY="no"
# Whether this is a generic image for mass redistribution on the interwebs.
# Any value other than "no" makes create_generic_image install a first-login
# hook that prompts for a password change.
GENERIC_IMAGE="no"
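#######################################
# Install eatmydata in the chroot and point apt at a dpkg wrapper that runs
# dpkg under it for the rest of the build.
# Globals:   rootdir (read)
# Outputs:   info/error messages on stdout
# Returns:   status of the last command; a missing eatmydata binary is
#            reported but, as before, does not fail the build
#
# The wrapper lives in the image's /var/tmp and apt is configured to execute
# it as dpkg, so disable_eatmydata_override must run before the image ships.
#######################################
enable_eatmydata_override() {
    local wrapper="$rootdir/var/tmp/dpkg-eatmydata"
    local apt_conf="$rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata"

    chroot "$rootdir" apt-get install --no-install-recommends -y eatmydata
    if [ ! -x "$rootdir/usr/bin/eatmydata" ]; then
        echo "error: unable to find /usr/bin/eatmydata after installing the eatmydata package"
    elif [ -f "$apt_conf" ]; then
        # Previously this case printed the "unable to find" error even though
        # eatmydata was present; it only means the override is already set up.
        echo "info: apt config to call dpkg via eatmydata already present"
    else
        echo "info: Adding apt config to call dpkg via eatmydata"
        printf '%s\n' '#!/bin/sh' 'exec eatmydata dpkg "$@"' > "$wrapper"
        chmod 755 "$wrapper"
        cat > "$apt_conf" <<EOF
Dir::Bin::dpkg "/var/tmp/dpkg-eatmydata";
EOF
    fi
}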
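#######################################
# Remove the build-time dpkg wrapper and the apt config that points at it,
# so the finished image calls the real dpkg again.
# Globals:   rootdir (read)
# Outputs:   info/warning messages on stdout
#######################################
disable_eatmydata_override() {
    local override
    for override in \
        /etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata \
        /var/tmp/dpkg-eatmydata ; do
        echo "info: Removing apt config to call dpkg via eatmydata"
        # Quoted so a root directory containing whitespace is still cleaned
        # up; an unquoted test would fall through to the warning and leave
        # the wrapper in the image.
        if [ -f "$rootdir$override" ] ; then
            rm -f -- "$rootdir$override"
        else
            echo "warning: missing $rootdir$override"
        fi
    done
    sync # Flush file buffers before continuing
}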
#######################################
# Write etc/apt/sources.list for the given mirror.
# Globals:   SUITE (read); NEW_MIRROR, COMPONENTS (written)
# Arguments: $1 - mirror URL
#
# NOTE(review): the output path is relative, so the file lands under the
# current directory; the script relies on having cd'ed into the image root.
# NOTE(review): the security.debian.org entries are written commented out,
# so the resulting sources.list has no security suite - confirm that a later
# setup step enables one.
#######################################
set_apt_sources() {
    NEW_MIRROR="$1"
    COMPONENTS="main"
    {
        printf 'deb %s %s %s\n' "$NEW_MIRROR" "$SUITE" "$COMPONENTS"
        printf 'deb-src %s %s %s\n' "$NEW_MIRROR" "$SUITE" "$COMPONENTS"
        printf '#deb http://security.debian.org/ %s/updates main\n' "$SUITE"
        printf '#deb-src http://security.debian.org/ %s/updates main\n' "$SUITE"
    } > etc/apt/sources.list
}
# Write the image's network configuration: a static eth0 stanza in
# /etc/network/interfaces, a generated MAC address, the two nameservers in
# /etc/resolv.conf, and an /etc/motd telling the user how to finish setup.
# Globals (read): rootdir, BOX_IP_ADDRESS, ROUTER_IP_ADDRESS, NAMESERVER1,
#                 NAMESERVER2
configure_networking() {
    # Everything inside the quotes is written (after variable expansion) to
    # the interfaces file; the commented stanzas in it are examples only.
    echo "# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
    address $BOX_IP_ADDRESS
    netmask 255.255.255.0
    gateway $ROUTER_IP_ADDRESS
    dns-nameservers $NAMESERVER1 $NAMESERVER2
# Example to keep MAC address between reboots
#hwaddress ether B5:A2:BE:3F:1A:FE
# The secondary network interface
#auto eth1
#iface eth1 inet dhcp
# WiFi Example
#auto wlan0
#iface wlan0 inet dhcp
#    wpa-ssid \"essid\"
#    wpa-psk  \"password\"
# Ethernet/RNDIS gadget (g_ether)
# ... or on host side, usbnet and random hwaddr
# Note on some boards, usb0 is automaticly setup with an init script
#iface usb0 inet static
#    address 192.168.7.2
#    netmask 255.255.255.0
#    network 192.168.7.0
#    gateway 192.168.7.1" > $rootdir/etc/network/interfaces
    # Build five random octets, two hex digits each, from $RANDOM.
    # $RANDOM is not a cryptographic source; here it only has to make the
    # address differ between builds.
    hexarray=( 1 2 3 4 5 6 7 8 9 0 a b c d e f )
    a=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
    b=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
    c=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
    d=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
    e=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]}
    # Replace the commented hwaddress example with an active line. The fixed
    # first octet "de" has the locally-administered bit set and the
    # multicast bit clear. The address is chosen once at build time, so every
    # copy of the same image carries the same MAC.
    sed -i "s|#hwaddress ether.*|hwaddress ether de:$a:$b:$c:$d:$e|g" \
        $rootdir/etc/network/interfaces
    # Rewrite each existing nameserver line to NAMESERVER1, then append a
    # NAMESERVER2 line after every NAMESERVER1 line.
    # NOTE(review): a resolv.conf with no nameserver line is left unchanged,
    # and one with several lines ends up with repeated pairs.
    sed -i "s/nameserver.*/nameserver $NAMESERVER1/g" $rootdir/etc/resolv.conf
    sed -i "/nameserver $NAMESERVER1/a\nameserver $NAMESERVER2" $rootdir/etc/resolv.conf
    # change the motd to show further install instructions
    echo "
 .---.                  .              .
 |                      |              |
 |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
 |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
 '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
                    Initial base install
Your system is not yet installed. To complete the process run the
following commands, then enter your details.
    sudo su
    freedombone menuconfig
" > $rootdir/etc/motd
}
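#######################################
# Force "KEY VALUE" to be an active line in an sshd_config file.
# An existing line for KEY is rewritten whether or not it is commented out;
# if none exists the setting is appended.
# Arguments: $1 - sshd_config path, $2 - keyword, $3 - value
# NOTE(review): an appended line lands at the end of the file; if the file
# ends in a Match block the setting would be scoped to that block.
#######################################
_sshd_set_option() {
    local file=$1 key=$2 value=$3
    sed -i -E "s|^[#[:space:]]*${key}[[:space:]].*\$|${key} ${value}|" "$file"
    if ! grep -qE "^${key}[[:space:]]+${value}[[:space:]]*\$" "$file"; then
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

#######################################
# Move sshd to port 2222 and, when a public key is configured, install it
# for the initial user and turn off password authentication.
# Globals:   rootdir, MY_USERNAME, SSH_PUBKEY (read)
# Outputs:   the installed public key and a status line on stdout
#
# The previous unanchored sed patterns rewrote commented defaults such as
# "#Port 22" or "#PasswordAuthentication yes" without uncommenting them, so
# sshd kept its built-in defaults while the script reported that password
# login was off. The helper above writes active lines instead.
#
# When SSH_PUBKEY is "no", password login stays enabled for the account
# created with MY_PASSWORD.
# NOTE(review): keyboard-interactive authentication is controlled by a
# separate sshd option that this function does not touch.
#######################################
configure_ssh() {
    local sshd_config="$rootdir/etc/ssh/sshd_config"
    local ssh_dir="$rootdir/home/$MY_USERNAME/.ssh"

    _sshd_set_option "$sshd_config" Port 2222
    if [[ "$SSH_PUBKEY" != "no" ]]; then
        [ -d "$ssh_dir" ] || mkdir "$ssh_dir"
        # Owner-only access to the key material, independent of the umask
        # the build happens to run with.
        chmod 700 "$ssh_dir"
        printf '%s\n' "$SSH_PUBKEY" > "$ssh_dir/authorized_keys"
        chmod 600 "$ssh_dir/authorized_keys"
        chroot "$rootdir" chown -R "$MY_USERNAME:$MY_USERNAME" "/home/$MY_USERNAME/.ssh"
        _sshd_set_option "$sshd_config" PasswordAuthentication no
        echo "Using ssh public key:"
        echo "$SSH_PUBKEY"
        echo 'Password ssh authentication turned off'
    fi
}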
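#######################################
# Give the initial user unrestricted sudo by adding a rule to the image's
# /etc/sudoers. The rule is only appended when it is not already present,
# so re-running the script does not stack duplicate entries.
# Globals:   rootdir, MY_USERNAME (read)
#
# NOTE(review): the file is edited directly with no syntax check; running
# `visudo -cf` on the result would catch a malformed entry before it ships.
# NOTE(review): this grants full root to the account that is created with
# the default MY_PASSWORD.
#######################################
admin_user_sudo() {
    local sudoers="$rootdir/etc/sudoers"
    local rule="$MY_USERNAME  ALL=(ALL) ALL"

    if ! grep -qxF -- "$rule" "$sudoers" 2>/dev/null; then
        printf '%s\n' "$rule" >> "$sudoers"
    fi
}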
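#######################################
# For a generic (redistributable) image, drop any build-time configuration
# and install first-login hooks that make the user change the password and
# then start the interactive installer.
# Globals:   GENERIC_IMAGE, rootdir, MY_USERNAME (read);
#            CONFIG_FILENAME (cleared)
# Returns:   0 immediately when GENERIC_IMAGE is "no"
#
# NOTE(review): the root hook is written to <image>/home/root/.bashrc, and
# only the user's home gets an .initial_setup marker. If root's home in the
# image is /root, that hook is never read and its marker test never matches
# - confirm the intended paths.
# NOTE(review): the password change is driven from .bashrc, so it only runs
# for an interactive bash login and can be interrupted; until it completes
# the account still has the default password.
#######################################
create_generic_image() {
    if [[ "$GENERIC_IMAGE" == "no" ]]; then
        return
    fi

    local user_home="$rootdir/home/$MY_USERNAME"
    local root_home="$rootdir/home/root"

    # Don't install any configuration. This will be a base system
    CONFIG_FILENAME=

    # The presence of this file indicates that the initial
    # setup has not yet been completed
    touch "$user_home/.initial_setup"
    touch "$root_home/.bashrc"

    # Quoted delimiters: the hook text is written literally, nothing in it
    # is expanded at build time.
    cat >> "$user_home/.bashrc" <<'EOF'
# initial setup of the system
if [ -f ~/.initial_setup ]; then
    clear
    echo '>>> Freedombone system initial setup <<<'
    echo ''
    echo 'The first thing you need to do is to change your password, otherwise'
    echo 'your system will be insecure. Your password should be at least 10'
    echo 'characters long and contain letters and numbers. Do this now:'
    passwd
    rm ~/.initial_setup
    sudo su
fi
EOF
    cat >> "$root_home/.bashrc" <<'EOF'
# initial setup of the system
if [ -f ~/.initial_setup ]; then
    freedombone menuconfig
    rm ~/.initial_setup
fi
EOF
}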
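#######################################
# If a configuration file was supplied, copy it into the image and run the
# project's installer against it inside the chroot; otherwise do nothing and
# leave the interactive installer for first boot.
# This is equivalent to installing freedombox-setup on freedombox.
# Globals:   CONFIG_FILENAME, PROJECT_NAME, rootdir (read)
#
# A file name of two characters or fewer is treated as "not set".
# NOTE(review): the copied file stays in the image at /root/<project>.cfg;
# if it can hold credentials, confirm it is removed or protected later.
#######################################
continue_installation() {
    if [[ -n "$CONFIG_FILENAME" && ${#CONFIG_FILENAME} -gt 2 ]]; then
        cp -- "$CONFIG_FILENAME" "$rootdir/root/$PROJECT_NAME.cfg"
        chroot "$rootdir" "$PROJECT_NAME" -c "/root/$PROJECT_NAME.cfg"
    fi
}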
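# Set to true/false to control if eatmydata is used during build
use_eatmydata=true

# $1 is the root directory of the image being customised, $2 the image file
# name relative to the directory the script was started from.
rootdir="$1"
# Everything below writes to, chroots into, or kills processes under
# $rootdir, so refuse to continue with an empty or missing directory.
if [ -z "$rootdir" ] || [ ! -d "$rootdir" ]; then
    echo "error: first argument must be the image root directory" >&2
    exit 1
fi
fmdir="$(pwd)"
image="$fmdir"/"$2"
cd "$rootdir"

echo "info: building $MACHINE for $ARCHITECTURE"

export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
export LC_ALL=C LANGUAGE=C LANG=C

# Override libpam-tmpdir setting during build, as the directories
# are not created yet.
export TMP=/tmp/ TMPDIR=/tmp/

username=$MY_USERNAME
echo "warning: creating initial user $username with well known password!"
chroot "$rootdir" adduser --gecos "$username" --disabled-password "$username"

# Keep the password out of the xtrace output: tracing is switched off while
# the credential is expanded and restored afterwards if it was on.
# The password reaches chpasswd on stdin, not on a command line.
xtrace_was_on=no
case $- in
    *x*) xtrace_was_on=yes; set +x ;;
esac
password=$MY_PASSWORD
printf '%s:%s\n' "$username" "$password" | chroot "$rootdir" /usr/sbin/chpasswd
if [ "$xtrace_was_on" = yes ]; then
    set -x
fi

chroot "$rootdir" adduser "$username" sudo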
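# For VM targets, lower the console log level at boot.
# The line is appended to the image's rc.local. The previous absolute path
# (/etc/init.d/rc.local without $rootdir) modified the build host's boot
# script on every run instead.
# NOTE(review): confirm the image's rc.local does not exit before the
# appended line is reached.
case "$MACHINE" in
    virtualbox|qemu)
        # hide irrelevant console keyboard messages.
        echo "echo \"4 4 1 7\" > /proc/sys/kernel/printk" \
            >> "$rootdir/etc/init.d/rc.local"
        ;;
esac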
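# Use the build-time mirror while packages are installed.
set_apt_sources "$BUILD_MIRROR"
chroot "$rootdir" apt-get update

# policy-rc.d exiting 101 tells invoke-rc.d that starting services is
# forbidden, so packages installed in the chroot do not launch daemons
# during the build. It is removed again once the packages are in place.
cat > "$rootdir/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
exit 101
EOF
chmod a+rx "$rootdir/usr/sbin/policy-rc.d"

if $use_eatmydata ; then
    enable_eatmydata_override
fi

# Optional extra .deb supplied by the builder through CUSTOM_SETUP.
# NOTE(review): the package is installed as root in the chroot without any
# integrity check, and the copy under the image's /tmp is not removed here.
if [ -n "$CUSTOM_SETUP" ]; then
    cp -- "$CUSTOM_SETUP" "$rootdir"/tmp
    chroot "$rootdir" apt-get install -y gdebi-core
    chroot "$rootdir" gdebi -n /tmp/"$(basename -- "$CUSTOM_SETUP")"
fi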
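chroot "$rootdir" apt-get install -y sudo git dialog build-essential openssh-server

# Fetch and install the project inside the chroot.
# NOTE(review): this clones whatever the repository's default branch holds
# at build time and runs `make install` as root; there is no pinned commit
# or signature check, so image contents follow the upstream branch state.
# -e stops at the first failing step, so a failed clone cannot be followed
# by an install from a stale checkout.
chroot "$rootdir" /bin/bash -ex <<EOF
git clone https://github.com/bashrc/freedombone /root/freedombone
cd /root/freedombone
make install
EOF

# The exit status of a pipeline is tee's, so set -e alone would not notice a
# failing setup step; check the chroot command's own status explicitly.
chroot "$rootdir" freedombone-image-hardware-setup 2>&1 | \
    tee "$rootdir/var/log/freedombone-image-hardware-setup.log"
hw_setup_status=${PIPESTATUS[0]}
if [ "$hw_setup_status" -ne 0 ]; then
    echo "error: freedombone-image-hardware-setup exited with status $hw_setup_status" >&2
    exit "$hw_setup_status"
fi

# Services may be started again from here on.
rm -- "$rootdir/usr/sbin/policy-rc.d"

chroot "$rootdir" /usr/lib/freedombone/setup 2>&1 | \
    tee "$rootdir/var/log/freedombone-setup.log"
setup_status=${PIPESTATUS[0]}
if [ "$setup_status" -ne 0 ]; then
    echo "error: /usr/lib/freedombone/setup exited with status $setup_status" >&2
    exit "$setup_status"
fi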
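# Remove SSH keys from the image so that copies of it do not share one
# host identity.
# NOTE(review): nothing in this script regenerates the keys; confirm that a
# first-boot step does (for example `ssh-keygen -A`), otherwise sshd has no
# host key to start with.
rm -- "$rootdir"/etc/ssh/ssh_host_* || true

# Entropy source for the installed system: rng-tools fed from /dev/hwrng on
# the beaglebone, haveged on every other target.
if [[ "$MACHINE" != "beaglebone" ]]; then
    chroot "$rootdir" apt-get -y install haveged
else
    chroot "$rootdir" apt-get -y install rng-tools
    sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' "$rootdir/etc/default/rng-tools"
fi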
# copy u-boot to beginning of image
# The bootloader files are read from the image's own /usr/lib/u-boot and
# written into the raw image file at fixed offsets; conv=notrunc keeps the
# rest of the image intact.
# NOTE(review): the binaries are presumably installed by a u-boot package
# earlier in the build; no separate integrity check is made here.
case "$MACHINE" in
    beaglebone)
        # MLO: one 128 KiB block at offset 128 KiB (seek=1, bs=128k).
        dd if=$rootdir/usr/lib/u-boot/am335x_boneblack/MLO of="$image" \
           count=1 seek=1 conv=notrunc bs=128k
        # u-boot.img: at most two 384 KiB blocks at offset 384 KiB.
        dd if=$rootdir/usr/lib/u-boot/am335x_boneblack/u-boot.img of="$image" \
           count=2 seek=1 conv=notrunc bs=384k
        ;;
    cubieboard2)
        # Whole file (no count) at offset 8 KiB (seek=8, bs=1k).
        dd if=$rootdir/usr/lib/u-boot/Cubieboard2/u-boot-sunxi-with-spl.bin of="$image" \
           seek=8 conv=notrunc bs=1k
        ;;
esac
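if $use_eatmydata ; then
    disable_eatmydata_override
fi

# Switch from the build mirror to the mirror the installed system will use.
set_apt_sources "$MIRROR"
chroot "$rootdir" apt-get update

configure_ssh
configure_networking
admin_user_sudo
create_generic_image
continue_installation

cd /

echo "info: killing leftover processes in chroot"
# 2014-11-04 this killed /usr/lib/erlang/erts-6.2/bin/epmd, see
# <URL: https://www.ejabberd.im/epmd?q=epmd > to learn more.
#
# fuser -m selects every process using the filesystem that contains the
# given path, and -k kills them. That is only scoped to the image when
# $rootdir is its own mount point; for a plain directory it would cover the
# host filesystem holding it. ${rootdir:?} also stops an empty value from
# turning the target into "/.".
if command -v mountpoint >/dev/null 2>&1 && ! mountpoint -q "${rootdir:?}"; then
    echo "warning: $rootdir is not a mount point; not killing processes by filesystem" >&2
else
    fuser -mvk "${rootdir:?}/." || true
fi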