Initial commit
This commit is contained in:
Michael Stapelberg
134
raspi3.yaml
Normal file
134
raspi3.yaml
Normal file
@@ -0,0 +1,134 @@
|
||||
# See https://wiki.debian.org/RaspberryPi3 for known issues and more details.
|
||||
|
||||
steps:
|
||||
- mkimg: "{{ output }}"
|
||||
size: 1500M
|
||||
|
||||
- mklabel: msdos
|
||||
device: "{{ output }}"
|
||||
|
||||
- mkpart: primary
|
||||
fs-type: 'fat32'
|
||||
device: "{{ output }}"
|
||||
start: 0%
|
||||
end: 20%
|
||||
part-tag: boot-part
|
||||
|
||||
- mkpart: primary
|
||||
device: "{{ output }}"
|
||||
start: 20%
|
||||
end: 100%
|
||||
part-tag: root-part
|
||||
|
||||
- mkfs: vfat
|
||||
partition: boot-part
|
||||
|
||||
- mkfs: ext4
|
||||
partition: root-part
|
||||
|
||||
- mount: root-part
|
||||
fs-tag: root-fs
|
||||
|
||||
- mount: boot-part
|
||||
mount-on: root-fs
|
||||
dirname: '/boot/firmware'
|
||||
fs-tag: boot-fs
|
||||
|
||||
# Without copying the archive keyring into the chroot, debootstraps second
|
||||
# stage will revert to a known-working HTTPS mirror. As snapshot.d.o does
|
||||
# not provide HTTPS at this point, we need to avert that.
|
||||
- shell: |
|
||||
mkdir -p "${ROOT?}/usr/share/keyrings"
|
||||
cp /usr/share/keyrings/debian-archive-keyring.gpg "${ROOT?}/usr/share/keyrings/debian-archive-keyring.gpg"
|
||||
root-fs: root-fs
|
||||
|
||||
# We need to use Debian buster (currently testing) instead of Debian stretch
|
||||
# (currently stable) for:
|
||||
#
|
||||
# linux ≥ 4.13.4-1
|
||||
# Which includes the sdhost driver for faster SD card access and making the
|
||||
# WiFi chip available.
|
||||
#
|
||||
# raspi3-firmware ≥ 1.20171006-1
|
||||
# Which includes a recent enough firmware version to correctly pass the MAC
|
||||
# address to the kernel. This is a regression with Linux ≥ 4.12, see
|
||||
# https://github.com/raspberrypi/firmware/issues/846
|
||||
- qemu-debootstrap: buster
|
||||
mirror: http://snapshot.debian.org/archive/debian/20171007T213914Z
|
||||
target: root-fs
|
||||
arch: arm64
|
||||
components:
|
||||
- main
|
||||
- contrib
|
||||
- non-free
|
||||
|
||||
# TODO(https://bugs.debian.org/877855): remove this workaround once
|
||||
# debootstrap is fixed
|
||||
- chroot: root-fs
|
||||
shell: |
|
||||
echo 'deb http://snapshot.debian.org/archive/debian/20171007T213914Z buster main contrib non-free' > /etc/apt/sources.list
|
||||
apt-get update
|
||||
|
||||
- apt: install
|
||||
packages:
|
||||
- ssh
|
||||
- dosfstools
|
||||
# Contains /lib/firmware/brcm/brcmfmac43430-sdio.bin (required for WiFi).
|
||||
- firmware-brcm80211
|
||||
- wireless-tools
|
||||
- wpasupplicant
|
||||
fs-tag: root-fs
|
||||
|
||||
# TODO: install raspi3-firmware and linux-image-arm64 from buster once they
|
||||
# migrated in sufficiently recent versions.
|
||||
- chroot: root-fs
|
||||
shell: |
|
||||
echo 'deb http://snapshot.debian.org/archive/debian/20171007T213914Z unstable main contrib non-free' >> /etc/apt/sources.list
|
||||
echo 'APT::Default-Release "buster";' > /etc/apt/apt.conf.d/08default-release
|
||||
apt-get update
|
||||
apt-get -y --no-show-progress -t unstable install raspi3-firmware linux-image-arm64
|
||||
|
||||
- shell: |
|
||||
echo "rpi3" > "${ROOT?}/etc/hostname"
|
||||
|
||||
# '..VyaTFxP8kT6' is crypt.crypt('raspberry', '..')
|
||||
sed -i 's,root:[^:]*,root:..VyaTFxP8kT6,' "${ROOT?}/etc/shadow"
|
||||
|
||||
sed -i 's,#PermitRootLogin prohibit-password,PermitRootLogin yes,g' "${ROOT?}/etc/ssh/sshd_config"
|
||||
|
||||
install -m 644 -o root -g root fstab "${ROOT?}/etc/fstab"
|
||||
|
||||
install -m 644 -o root -g root eth0 "${ROOT?}/etc/network/interfaces.d/eth0"
|
||||
|
||||
mkdir -p "${ROOT?}/etc/iptables"
|
||||
install -m 644 -o root -g root rules.v4 "${ROOT?}/etc/iptables/rules.v4"
|
||||
install -m 644 -o root -g root rules.v6 "${ROOT?}/etc/iptables/rules.v6"
|
||||
|
||||
install -m 755 -o root -g root rpi3-resizerootfs "${ROOT?}/usr/bin/rpi3-resizerootfs"
|
||||
install -m 644 -o root -g root rpi3-resizerootfs.service "${ROOT?}/etc/systemd/system"
|
||||
mkdir -p "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/"
|
||||
ln -s /etc/systemd/system/rpi3-resizerootfs.service "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/rpi3-resizerootfs.service"
|
||||
|
||||
install -m 644 -o root -g root rpi3-generate-ssh-host-keys.service "${ROOT?}/etc/systemd/system"
|
||||
mkdir -p "${ROOT?}/etc/systemd/system/multi-user.target.requires/"
|
||||
ln -s /etc/systemd/system/rpi3-generate-ssh-host-keys.service "${ROOT?}/etc/systemd/system/multi-user.target.requires/rpi3-generate-ssh-host-keys.service"
|
||||
rm -f ${ROOT?}/etc/ssh/ssh_host_*_key*
|
||||
|
||||
cat >> "${ROOT?}/etc/motd" <<'EOT'
|
||||
|
||||
Please change the root password by running passwd
|
||||
EOT
|
||||
root-fs: root-fs
|
||||
|
||||
# Clean up archive cache (likely not useful) and lists (likely outdated) to
|
||||
# reduce image size by several hundred megabytes.
|
||||
- chroot: root-fs
|
||||
shell: |
|
||||
apt-get clean
|
||||
rm -rf /var/lib/apt/lists
|
||||
|
||||
# TODO(https://github.com/larswirzenius/vmdb2/issues/24): remove once vmdb
|
||||
# clears /etc/resolv.conf on its own.
|
||||
- shell: |
|
||||
rm "${ROOT?}/etc/resolv.conf"
|
||||
root-fs: root-fs
|
||||
Reference in New Issue
Block a user