diff --git a/bootstrap.d/10-bootstrap.sh b/bootstrap.d/10-bootstrap.sh index 93bf254..1840e37 100644 --- a/bootstrap.d/10-bootstrap.sh +++ b/bootstrap.d/10-bootstrap.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Debootstrap basic system # diff --git a/bootstrap.d/11-apt.sh b/bootstrap.d/11-apt.sh index 51a810d..df7e5d7 100644 --- a/bootstrap.d/11-apt.sh +++ b/bootstrap.d/11-apt.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Setup APT repositories # diff --git a/bootstrap.d/12-locale.sh b/bootstrap.d/12-locale.sh index c626142..b7481e0 100644 --- a/bootstrap.d/12-locale.sh +++ b/bootstrap.d/12-locale.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Setup Locales and keyboard settings # diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh index 137da83..79a35e6 100644 --- a/bootstrap.d/13-kernel.sh +++ b/bootstrap.d/13-kernel.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Build and Setup RPi2/3 Kernel # 
@@ -93,20 +94,22 @@ if [ "$BUILD_KERNEL" = true ] ; then echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config if [ "$ENABLE_CRYPTFS" = true ] ; then - echo "CONFIG_EMBEDDED=y" >> "${KERNEL_DIR}"/.config - echo "CONFIG_EXPERT=y" >> "${KERNEL_DIR}"/.config - echo "CONFIG_DAX=y" >> "${KERNEL_DIR}"/.config - echo "CONFIG_MD=y" >> "${KERNEL_DIR}"/.config - echo "CONFIG_BLK_DEV_MD=y" >> "${KERNEL_DIR}"/.config - echo "CONFIG_MD_AUTODETECT=y" >> "${KERNEL_DIR}"/.config - echo "CONFIG_BLK_DEV_DM=y" >> "${KERNEL_DIR}"/.config - echo "CONFIG_BLK_DEV_DM_BUILTIN=y" >> "${KERNEL_DIR}"/.config - echo "CONFIG_DM_CRYPT=y" >> "${KERNEL_DIR}"/.config - echo "CONFIG_CRYPTO_BLKCIPHER=y" >> "${KERNEL_DIR}"/.config - echo "CONFIG_CRYPTO_CBC=y" >> "${KERNEL_DIR}"/.config - echo "CONFIG_CRYPTO_XTS=y" >> "${KERNEL_DIR}"/.config - echo "CONFIG_CRYPTO_SHA512=y" >> "${KERNEL_DIR}"/.config - echo "CONFIG_CRYPTO_MANAGER=y" >> "${KERNEL_DIR}"/.config + { + echo "CONFIG_EMBEDDED=y" + echo "CONFIG_EXPERT=y" + echo "CONFIG_DAX=y" + echo "CONFIG_MD=y" + echo "CONFIG_BLK_DEV_MD=y" + echo "CONFIG_MD_AUTODETECT=y" + echo "CONFIG_BLK_DEV_DM=y" + echo "CONFIG_BLK_DEV_DM_BUILTIN=y" + echo "CONFIG_DM_CRYPT=y" + echo "CONFIG_CRYPTO_BLKCIPHER=y" + echo "CONFIG_CRYPTO_CBC=y" + echo "CONFIG_CRYPTO_XTS=y" + echo "CONFIG_CRYPTO_SHA512=y" + echo "CONFIG_CRYPTO_MANAGER=y" + } >> "${KERNEL_DIR}"/.config fi fi diff --git a/bootstrap.d/14-fstab.sh b/bootstrap.d/14-fstab.sh index 0a8eb19..577d092 100644 --- a/bootstrap.d/14-fstab.sh +++ b/bootstrap.d/14-fstab.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Setup fstab and initramfs # 
@@ -45,7 +46,7 @@ if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" # Dummy mapping required by mkinitramfs - echo "0 1 crypt $(echo ${CRYPTFS_CIPHER} | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" + echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" # Generate initramfs with encrypted root partition support chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" @@ -57,3 +58,4 @@ if [ "$BUILD_KERNEL" = true ] && [ "$ENABLE_INITRAMFS" = true ] ; then chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" fi fi + diff --git a/bootstrap.d/15-rpi-config.sh b/bootstrap.d/15-rpi-config.sh index ef44325..5333234 100644 --- a/bootstrap.d/15-rpi-config.sh +++ b/bootstrap.d/15-rpi-config.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Setup RPi2/3 config and cmdline # 
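Review bot: In the dummy-mapping line of bootstrap.d/14-fstab.sh, the nested `echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1` is still a subshell pipeline whose only job is to take the text before the first colon; `${CRYPTFS_CIPHER%%:*}` gives the same result and does not depend on how echo treats a leading `-` or backslashes. The 64 `f` characters look like a fixed placeholder key, but the comment does not say so; if that is the intent, I would extend it to `# Dummy mapping required by mkinitramfs (placeholder key, not the real volume key)`. The hunk does not show the mapping being removed after mkinitramfs runs, and the enclosing `if` continues outside it, so that is worth confirming.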
@@ -8,13 +9,13 @@ if [ "$BUILD_KERNEL" = true ] ; then if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then # Install boot binaries from local directory - cp ${RPI_FIRMWARE_DIR}/boot/bootcode.bin ${BOOT_DIR}/bootcode.bin - cp ${RPI_FIRMWARE_DIR}/boot/fixup.dat ${BOOT_DIR}/fixup.dat - cp ${RPI_FIRMWARE_DIR}/boot/fixup_cd.dat ${BOOT_DIR}/fixup_cd.dat - cp ${RPI_FIRMWARE_DIR}/boot/fixup_x.dat ${BOOT_DIR}/fixup_x.dat - cp ${RPI_FIRMWARE_DIR}/boot/start.elf ${BOOT_DIR}/start.elf - cp ${RPI_FIRMWARE_DIR}/boot/start_cd.elf ${BOOT_DIR}/start_cd.elf - cp ${RPI_FIRMWARE_DIR}/boot/start_x.elf ${BOOT_DIR}/start_x.elf + cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin + cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat + cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat + cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat + cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf + cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf + cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf else # Create temporary directory for boot binaries temp_dir=$(as_nobody mktemp -d) @@ -50,9 +51,9 @@ fi # Add encrypted root partition to cmdline.txt if [ "$ENABLE_CRYPTFS" = true ] ; then if [ "$ENABLE_SPLITFS" = true ] ; then - CMDLINE=$(echo ${CMDLINE} | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") + CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/") else - CMDLINE=$(echo ${CMDLINE} | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") + CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/") fi fi 
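Review bot: In the cmdline.txt hunk of bootstrap.d/15-rpi-config.sh (-50,9), `${CRYPTFS_MAPPING}` is still expanded inside the sed program, so a `/`, `&` or backslash in the mapping name changes or breaks the substitution; quoting `${CMDLINE}` does not cover that. The same value ends up on the kernel command line and as a device-mapper name, so I would validate it once before use, e.g. `case "${CRYPTFS_MAPPING}" in ''|*[!A-Za-z0-9_-]*) echo "error: invalid CRYPTFS_MAPPING" ; exit 1 ;; esac`. `echo "${CMDLINE}"` can also become `printf '%s\n' "${CMDLINE}"` so that a value starting with `-n` or containing backslashes reaches sed unchanged.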
@@ -139,7 +140,7 @@ if [ "$ENABLE_SPI" = true ] ; then fi # Disable RPi2/3 under-voltage warnings -if [ ! -z "$DISABLE_UNDERVOLT_WARNINGS" ] ; then +if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt" fi @@ -149,3 +150,4 @@ install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi # Install sysctl.d configuration files install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf" + diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh index c386754..2ae1d86 100644 --- a/bootstrap.d/20-networking.sh +++ b/bootstrap.d/20-networking.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Setup Networking # @@ -89,14 +90,14 @@ if [ "$ENABLE_HARDNET" = true ] ; then fi # Enable time sync -if [ "NET_NTP_1" != "" ] ; then +if [ "$NET_NTP_1" != "" ] ; then chroot_exec systemctl enable systemd-timesyncd.service fi # Download the firmware binary blob required to use the RPi3 wireless interface if [ "$ENABLE_WIRELESS" = true ] ; then - if [ ! -d ${WLAN_FIRMWARE_DIR} ] ; then - mkdir -p ${WLAN_FIRMWARE_DIR} + if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then + mkdir -p "${WLAN_FIRMWARE_DIR}" fi # Create temporary directory for firmware binary blob diff --git a/bootstrap.d/21-firewall.sh b/bootstrap.d/21-firewall.sh index 4e4de26..25b64c6 100644 --- a/bootstrap.d/21-firewall.sh +++ b/bootstrap.d/21-firewall.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Setup Firewall # diff --git a/bootstrap.d/30-security.sh b/bootstrap.d/30-security.sh index 8b0e464..3a9f1c9 100644 --- a/bootstrap.d/30-security.sh +++ b/bootstrap.d/30-security.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Setup users and security settings # 
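Review bot: The `NET_NTP_1` change in bootstrap.d/20-networking.sh (-89,14) alters behaviour and is not only a lint fix: the old test compared a literal string and was always true, so systemd-timesyncd was enabled on every image, and it is now enabled only when `NET_NTP_1` is set. If the default for `NET_NTP_1` is empty (not visible in this hunk), default images lose time synchronisation, which affects certificate validation and the usefulness of log timestamps. Either keep the service enabled unconditionally or call the change out in the commit message. The test itself reads better as `if [ -n "$NET_NTP_1" ] ; then`, matching the `-n` form used elsewhere in this commit.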
@@ -6,13 +7,13 @@ . ./functions.sh # Generate crypt(3) password string -ENCRYPTED_PASSWORD=`mkpasswd -m sha-512 "${PASSWORD}"` -ENCRYPTED_USER_PASSWORD=`mkpasswd -m sha-512 "${USER_PASSWORD}"` +ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}") +ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}") # Setup default user if [ "$ENABLE_USER" = true ] ; then - chroot_exec adduser --gecos $USER_NAME --add_extra_groups --disabled-password $USER_NAME - chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" $USER_NAME + chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME" + chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME" fi # Setup root password or not diff --git a/bootstrap.d/32-sshd.sh b/bootstrap.d/32-sshd.sh index 162fdb2..2f7baf4 100644 --- a/bootstrap.d/32-sshd.sh +++ b/bootstrap.d/32-sshd.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Setup SSH settings and public keys # @@ -28,7 +29,7 @@ if [ "$ENABLE_SSHD" = true ] ; then fi # Add SSH (v2) public key for user root - if [ ! -z "$SSH_ROOT_PUB_KEY" ] ; then + if [ -n "$SSH_ROOT_PUB_KEY" ] ; then # Create root SSH config directory mkdir -p "${R}/root/.ssh" 
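Review bot: In bootstrap.d/30-security.sh the clear-text passwords are still passed to `mkpasswd` as command-line arguments, where any local user on the build host can read them from the process list while the command runs. mkpasswd can take the password on standard input instead: `ENCRYPTED_PASSWORD=$(printf '%s' "${PASSWORD}" | mkpasswd -m sha-512 --stdin)`, and the same for `USER_PASSWORD`; printf is a shell builtin, so nothing sensitive appears in an argv. The hash given to `usermod -p` is exposed in the same way, and feeding `chpasswd -e` on stdin would avoid that if it is available in the chroot.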
@@ -52,20 +53,20 @@ if [ "$ENABLE_SSHD" = true ] ; then if [ "$ENABLE_USER" = true ] ; then # Add SSH (v2) public key for user $USER_NAME - if [ ! -z "$SSH_USER_PUB_KEY" ] ; then + if [ -n "$SSH_USER_PUB_KEY" ] ; then # Create $USER_NAME SSH config directory mkdir -p "${R}/home/${USER_NAME}/.ssh" # Set permissions of $USER_NAME SSH config directory chroot_exec chmod 700 "/home/${USER_NAME}/.ssh" - chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh" + chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh" # Add SSH (v2) public key(s) to authorized_keys file cat "$SSH_USER_PUB_KEY" >> "${R}/home/${USER_NAME}/.ssh/authorized_keys" # Set permissions of $USER_NAME SSH config directory chroot_exec chmod 600 "/home/${USER_NAME}/.ssh/authorized_keys" - chroot_exec chown ${USER_NAME}:${USER_NAME} "/home/${USER_NAME}/.ssh/authorized_keys" + chroot_exec chown "${USER_NAME}":"${USER_NAME}" "/home/${USER_NAME}/.ssh/authorized_keys" if [ "$ENABLE_REDUCE" = false ] || [ "$REDUCE_SSHD" = false ] ; then # Allow SSH public key authentication @@ -85,7 +86,7 @@ if [ "$ENABLE_SSHD" = true ] ; then allowed_users="${allowed_users} ${USER_NAME}" fi - if [ ! -z "$allowed_users" ] ; then + if [ -n "$allowed_users" ] ; then echo "AllowUsers ${allowed_users}" >> "${ETC_DIR}/ssh/sshd_config" fi fi diff --git a/bootstrap.d/41-uboot.sh b/bootstrap.d/41-uboot.sh index f107440..0955cfe 100644 --- a/bootstrap.d/41-uboot.sh +++ b/bootstrap.d/41-uboot.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Build and Setup U-Boot # @@ -32,7 +33,7 @@ if [ "$ENABLE_UBOOT" = true ] ; then fi # Build and install U-Boot inside chroot - chroot_exec make -j${KERNEL_THREADS} -C /tmp/u-boot/ ${UBOOT_CONFIG} all + chroot_exec make -j"${KERNEL_THREADS}" -C /tmp/u-boot/ "${UBOOT_CONFIG}" all # Copy compiled bootloader binary and set config.txt to load it install_exec "${R}/tmp/u-boot/tools/mkimage" "${R}/usr/sbin/mkimage" 
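Review bot: In the user-key block of bootstrap.d/32-sshd.sh (-52,20) the only test on `SSH_USER_PUB_KEY` is that it is non-empty, so a wrong path makes `cat` fail while the `>>` redirection still creates an empty `authorized_keys`; whether the build stops there depends on shell options not visible in this hunk. A guard such as `[ -r "$SSH_USER_PUB_KEY" ] || { echo "error: cannot read ${SSH_USER_PUB_KEY}" ; exit 1 ; }` makes the failure explicit instead of shipping an image nobody can log in to with a key. The second `# Set permissions of $USER_NAME SSH config directory` comment sits above commands that act on the file, so it should read `# Set permissions of $USER_NAME authorized_keys file`. The owner argument is also simpler as one quoted word, `"${USER_NAME}:${USER_NAME}"`. The enclosing `if` blocks begin and end outside the hunk.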
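Review bot: Quoting `"${UBOOT_CONFIG}"` in the `make` call of bootstrap.d/41-uboot.sh (-32,7) changes what happens when the variable is empty: the unquoted form dropped the word, while the quoted form hands make an empty argument, which make will most likely reject as a goal. If an empty `UBOOT_CONFIG` is a supported case (not visible here), `${UBOOT_CONFIG:+"${UBOOT_CONFIG}"}` keeps the old behaviour and stays safe against word splitting. Otherwise fail early with `: "${UBOOT_CONFIG:?UBOOT_CONFIG must be set}"` before the build starts.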
@@ -41,7 +42,7 @@ if [ "$ENABLE_UBOOT" = true ] ; then # Install and setup U-Boot command file install_readonly files/boot/uboot.mkimage "${BOOT_DIR}/uboot.mkimage" - printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" + printf "# Set the kernel boot command line\nsetenv bootargs \"earlyprintk ${CMDLINE}\"\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" if [ "$ENABLE_INITRAMFS" = true ] ; then # Convert generated initramfs for U-Boot using mkimage @@ -51,7 +52,7 @@ if [ "$ENABLE_UBOOT" = true ] ; then rm -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" # Configure U-Boot to load generated initramfs - printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat ${BOOT_DIR}/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" + printf "# Set initramfs file\nsetenv initramfs initramfs-${KERNEL_VERSION}.uboot\n\n$(cat "${BOOT_DIR}"/uboot.mkimage)" > "${BOOT_DIR}/uboot.mkimage" printf "\nbootz \${kernel_addr_r} \${ramdisk_addr_r} \${fdt_addr_r}" >> "${BOOT_DIR}/uboot.mkimage" else # ENABLE_INITRAMFS=false # Remove initramfs from U-Boot mkfile @@ -86,3 +87,4 @@ if [ "$ENABLE_UBOOT" = true ] ; then # Remove U-Boot sources rm -fr "${R}/tmp/u-boot" fi + diff --git a/bootstrap.d/42-fbturbo.sh b/bootstrap.d/42-fbturbo.sh index a5ede42..88ea809 100644 --- a/bootstrap.d/42-fbturbo.sh +++ b/bootstrap.d/42-fbturbo.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Build and Setup fbturbo Xorg driver # diff --git a/bootstrap.d/50-firstboot.sh b/bootstrap.d/50-firstboot.sh index cc76f34..d7c3162 100644 --- a/bootstrap.d/50-firstboot.sh +++ b/bootstrap.d/50-firstboot.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # First boot actions # diff --git a/bootstrap.d/99-reduce.sh b/bootstrap.d/99-reduce.sh index c339e0d..dcf39d0 100644 --- a/bootstrap.d/99-reduce.sh +++ b/bootstrap.d/99-reduce.sh @@ -1,3 +1,4 @@ +#!/bin/bash # # Reduce system disk usage # 
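Review bot: Both rewritten `printf` lines in bootstrap.d/41-uboot.sh (this hunk and the initramfs one at -51,7) still place `${CMDLINE}`, `${KERNEL_VERSION}` and the contents of uboot.mkimage inside the format string, so any `%` or backslash sequence in them is interpreted by printf instead of being written out. Pass the data as arguments: `printf '# Set the kernel boot command line\nsetenv bootargs "earlyprintk %s"\n\n%s' "${CMDLINE}" "$(cat "${BOOT_DIR}/uboot.mkimage")" > "${BOOT_DIR}/uboot.mkimage"`, and likewise for the initramfs line. Reading and overwriting the same file in one command works only because the command substitution is expanded before the redirection truncates the file; a short comment saying so would help the next reader.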
@@ -25,8 +26,8 @@ if [ "$ENABLE_REDUCE" = true ] ; then # Remove all doc files if [ "$REDUCE_DOC" = true ] ; then - find "${R}/usr/share/doc" -depth -type f ! -name copyright | xargs rm || true - find "${R}/usr/share/doc" -empty | xargs rmdir || true + find "${R}/usr/share/doc" -depth -type f ! -name copyright -print0 | xargs -0 rm || true + find "${R}/usr/share/doc" -empty -print0 | xargs -0 rmdir || true fi # Remove all man pages and info files @@ -36,7 +37,7 @@ if [ "$ENABLE_REDUCE" = true ] ; then # Remove all locale translation files if [ "$REDUCE_LOCALE" = true ] ; then - find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' | xargs rm -r + find "${R}/usr/share/locale" -mindepth 1 -maxdepth 1 ! -name 'en' -print0 | xargs -0 rm -r fi # Remove hwdb PCI device classes (experimental) diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh index 7e35325..83537d1 100755 --- a/rpi23-gen-image.sh +++ b/rpi23-gen-image.sh @@ -459,7 +459,7 @@ fi mkdir -p "${R}" # Check if build directory has enough of free disk space >512MB -if [ "$(df --output=avail ${BUILDDIR} | sed "1d")" -le "524288" ] ; then +if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then echo "error: ${BUILDDIR} not enough space left to generate the output image!" exit 1 fi
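Review bot: The three `find … -print0 | xargs -0` pipelines in bootstrap.d/99-reduce.sh still run `rm` or `rmdir` once with no operands when find matches nothing, because GNU xargs only skips an empty input with `-r`. In the doc hunk that error is hidden by `|| true`, which also hides genuine removal failures, and in the locale hunk at -36,7 it is not hidden at all. Using `xargs -0 -r rm --`, `xargs -0 -r rmdir --` and `xargs -0 -r rm -r --` fixes the empty case and lets the `|| true` go; `find … -exec rm -- {} +` is an equivalent form without the pipe.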
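Review bot: The free-space check in rpi23-gen-image.sh (-459,7) fails open: if `df` errors out, the command substitution is empty, `[` complains about a non-integer operand and returns non-zero, and the build carries on as if there were enough space. Capturing the value first and rejecting anything non-numeric closes that gap: `avail=$(df --output=avail "${BUILDDIR}" | sed "1d")` followed by `case "${avail}" in ''|*[!0-9\ ]*) echo "error: cannot determine free space in ${BUILDDIR}" ; exit 1 ;; esac`, then compare `"${avail}"` as before.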