From ce65ef1581229c4972d6ac041b1320df4fb09fc5 2017-07-20 23:31:03 From: Gérard Vidal Date: 2017-07-20 23:31:03 Subject: [PATCH] Changes to enable buster image generation some unsecure options have also been removed The template used is also added ('*******' values must be changed before execution). --- diff --git a/bootstrap.d/10-bootstrap.sh b/bootstrap.d/10-bootstrap.sh index e395437..ec01b72 100644 --- a/bootstrap.d/10-bootstrap.sh +++ b/bootstrap.d/10-bootstrap.sh @@ -24,11 +24,17 @@ if [ "$RELEASE" = "stretch" ] ; then EXCLUDES="--exclude=init,systemd-sysv" fi +# Exclude packages if required by Debian buster release +if [ "$RELEASE" = "buster" ] ; then + EXCLUDES="--exclude=init,systemd-sysv" +fi + # Base debootstrap (unpack only) http_proxy=${APT_PROXY} debootstrap ${EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian" -# Copy qemu emulator binary to chroot -install_exec "${QEMU_BINARY}" "${R}${QEMU_BINARY}" +# Copy qemu emulator binary to chroot modified for changes in _apt management in buster +#install_exec "${QEMU_BINARY}" "${R}${QEMU_BINARY}" +install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}" # Copy debian-archive-keyring.pgp mkdir -p "${R}/usr/share/keyrings" diff --git a/bootstrap.d/11-apt.sh b/bootstrap.d/11-apt.sh index a3870bd..a3d131b 100644 --- a/bootstrap.d/11-apt.sh +++ b/bootstrap.d/11-apt.sh @@ -21,7 +21,8 @@ if [ "$BUILD_KERNEL" = false ] ; then # Upgrade collabora package index and install collabora keyring chroot_exec apt-get -qq -y update - chroot_exec apt-get -qq -y --allow-unauthenticated install collabora-obs-archive-keyring + # Removed --allow-unauthenticated as suggested after modification on _apt privileges + chroot_exec apt-get -qq -y install collabora-obs-archive-keyring else # BUILD_KERNEL=true # Install APT sources.list install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list" 
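Review bot: The comment on the new `install -m 755 -o root -g root` line in 10-bootstrap.sh says only that it was "modified for changes in _apt management in buster", not what the mode has to guarantee. Presumably the emulator must be executable by the unprivileged `_apt` user inside the chroot. A comment such as `# qemu binary must be executable by non-root users: apt runs helpers as _apt` would record that for the next maintainer. The commented-out `#install_exec` line is dead code and is better dropped, since the old call is preserved in the history.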
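Review bot: Dropping `--allow-unauthenticated` from the keyring install in 11-apt.sh applies to every release, while 42-fbturbo.sh in the same commit keeps the flag for stretch. It is worth confirming that the collabora source is already trusted at this point on each supported release, because otherwise `apt-get -y install` will likely refuse the package. The added comment records history rather than intent; something like `# collabora repo key must already be trusted here; do not install the keyring unauthenticated` states what the line relies on. The enclosing `if [ "$BUILD_KERNEL" = false ]` block starts and ends outside the hunk.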
diff --git a/bootstrap.d/15-rpi-config.sh b/bootstrap.d/15-rpi-config.sh index 37834cd..64fd3b9 100644 --- a/bootstrap.d/15-rpi-config.sh +++ b/bootstrap.d/15-rpi-config.sh @@ -73,8 +73,8 @@ else CMDLINE="${CMDLINE} net.ifnames=1" fi -# Set init to systemd if required by Debian release -if [ "$RELEASE" = "stretch" ] ; then +# Set init to systemd if required by Debian release stretch or buster +if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then CMDLINE="${CMDLINE} init=/bin/systemd" fi diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh index bd3ce0a..f6d998f 100644 --- a/bootstrap.d/20-networking.sh +++ b/bootstrap.d/20-networking.sh @@ -56,8 +56,8 @@ fi # Remove empty settings from network configuration sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network" -# Move systemd network configuration if required by Debian release -if [ "$RELEASE" = "stretch" ] ; then +# Move systemd network configuration if required by Debian release stretch or buster +if [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network" rm -fr "${ETC_DIR}/systemd/network" fi diff --git a/bootstrap.d/42-fbturbo.sh b/bootstrap.d/42-fbturbo.sh index 0e8b064..a2d5717 100644 --- a/bootstrap.d/42-fbturbo.sh +++ b/bootstrap.d/42-fbturbo.sh 
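Review bot: The release test `[ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ]` is now spelled out here and again in 20-networking.sh, while 10-bootstrap.sh and 42-fbturbo.sh handle the same pair with a duplicated block and an extra `elif`. The next Debian release will mean editing every copy, and a missed one fails silently. A `case "$RELEASE" in stretch|buster) ... ;; esac` at each site, or one flag computed once and tested everywhere, would keep them in step. The `else` branch that precedes this block begins outside the hunk.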
@@ -32,6 +32,9 @@ if [ "$ENABLE_FBTURBO" = true ] ; then chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev elif [ "$RELEASE" = "stretch" ] ; then chroot_exec apt-get -q -y --no-install-recommends --allow-unauthenticated install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev + # removed --allow-unauthenticated as recommended after amendment on _apt privileges + elif [ "$RELEASE" = "buster" ] ; then + chroot_exec apt-get -q -y --no-install-recommends install xorg-dev xutils-dev x11proto-dri2-dev libltdl-dev libtool automake libdrm-dev fi # Build and install fbturbo driver inside chroot diff --git a/templates/rpi3busterIFE b/templates/rpi3busterIFE new file mode 100755 index 0000000..9560970 --- /dev/null +++ b/templates/rpi3busterIFE 
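Review bot: The stretch branch still installs the build dependencies with `--allow-unauthenticated`, so the removal of insecure options announced in the commit message covers only buster images. If the stretch sources are signed, the flag can go there too and both releases can share one branch, `elif [ "$RELEASE" = "stretch" ] || [ "$RELEASE" = "buster" ] ; then`. The added comment sits at the end of the stretch branch, where it reads as describing the line that still carries the flag; it belongs under the buster `elif`. There is also no final `else`, so any other release installs none of these packages and presumably fails later in the fbturbo build, which is outside the hunk.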
@@ -0,0 +1,90 @@
+# Configuration file raspi3 Stretch IFÉ 2017/04/15
+#
+APT_SERVER=ftp.fr.debian.org
+APT_INCLUDES="gnupg,gnupg2,firmware-linux-nonfree,firmware-linux,dh-autoreconf,\
+gettext,build-essential,git,cmake,libjson-c-dev,unzip,usbutils,\
+bison,libboost-all-dev,automake,autoconf,autogen,libtool,libtool-bin,\
+pkg-config,checkinstall,menulibre,libnotify-bin,python3,python3-dev,\
+python,python-dev,python-configobj,python-cheetah,python-imaging,python-serial,python-usb,\
+python-tk,python3-tk,python3-scipy,pandoc,python-pypandoc,python3-pypandoc,\
+python-pandocfilters,python3-pandocfilters,\
+python-geopy,python3-geopy,python-pip,python3-pip,\
+pcre2-utils,libpcre++-dev,libpcre2-dev,libjpeg-dev,jed,i2c-tools,python-smbus,policykit-1,\
+pmount,ntpdate,\
+texlive,texlive-xetex,nginx-extras,ffmpeg,wicd,wicd-gtk,console-data,keyboard-configuration,\
+icedtea-8-plugin,openjdk-8-jdk,openjdk-8-jre,openjdk-8-jre-headless,libqtwebkit-dev,libqt5webkit5-dev,\
+libudev-dev,libzzip-dev,zlib1g-dev,libcanberra-gtk-module,libnss-myhostname,libfreetype6-dev,libpng16-16,\
+nmap,libltdl-dev,dbus-user-session,debian-archive-keyring,\
+xutils-dev,lxsession,openbox-lxde-session,lxde,x11proto-randr-dev,lxrandr,\
+tightvncserver,geany,geany-plugin-py,geany-plugin-markdown,firefox-esr,firefox-esr-l10n-fr"
+#----------------------
+RPI_MODEL=3
+RELEASE="buster"
+HOSTNAME="raspife3"
+PASSWORD="***********"
+USER_PASSWORD="***********"
+DEFLOCAL="fr_FR.UTF-8"
+TIMEZONE="Europe/Paris"
+EXPANDROOT=false
+#-----------------------
+XKB_MODEL="pc105"
+XKB_LAYOUT="fr"
+XKB_VARIANT="latin9"
+XKB_OPTIONS=""
+#------------------------
+ENABLE_DHCP=true
+#------------------------
+ENABLE_CONSOLE=false
+ENABLE_I2C=true
+ENABLE_SPI=true
+ENABLE_IPV6=true
+ENABLE_SSHD=true
+ENABLE_NONFREE=true
+ENABLE_WIRELESS=true
+ENABLE_RSYSLOG=true
+ENABLE_SOUND=true
+ENABLE_HWRANDOM=true
+ENABLE_MINGPU=true
+ENABLE_DBUS=true
+ENABLE_XORG=true
+ENABLE_WM="lxdm"
+#------------------------
+ENABLE_MINBASE=false
+ENABLE_REDUCE=false
+ENABLE_UBOOT=false
+ENABLE_FBTURBO=true
+ENABLE_IPTABLES=false
+ENABLE_USER=true
+USER_NAME=ens-ife
+ENABLE_ROOT=true
+ENABLE_HARDNET=true
+ENABLE_INITRAMFS=true
+ENABLE_IFNAMES=true
+#------------------------
+ENABLE_ROOT_SSH=false
+SSH_LIMIT_USERS=false
+SSH_ROOT_PUB_KEY="/home/*******/.ssh/authorized_keys"
+SSH_USER_PUB_KEY="/home/*******/.ssh/authorized_keys"
+#------------------------
+BUILD_KERNEL=true
+KERNEL_REDUCE=false
+KERNEL_HEADERS=true
+KERNEL_REMOVESRC=true
+KERNELSRC_CLEAN=true
+KERNELSRC_CONFIG=true
+#------------------------
+REDUCE_APT=false
+REDUCE_DOC=true
+REDUCE_MAN=false
+REDUCE_HWDB=true
+REDUCE_BASH=false
+REDUCE_SSHD=false
+REDUCE_LOCALE=false
+#-------------------------
+ENABLE_CRYPTFS=false
+#-------------------------
+BASEDIR=/data/RpiGenImage/Images/${RELEASE}
+DATE=`date +%Y-%m-%d`
+IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
+
+
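Review bot: `PASSWORD` and `USER_PASSWORD` are set to the literal string `***********`, which is a valid value. A build run without editing the template therefore yields an image with what are presumably known root and user passwords, alongside `ENABLE_SSHD=true` and `ENABLE_IPTABLES=false`. Assuming the template is sourced by the build script, `PASSWORD="${PASSWORD:?set PASSWORD before building}"` (and the same for `USER_PASSWORD`) would stop the build instead of shipping the placeholder. The header comment still says Stretch although `RELEASE="buster"`, and `$(date +%Y-%m-%d)` is preferable to the backtick form.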