From e8204ba10c724d22cff1a86ddfb2595676de2803 2019-10-27 04:32:25 From: Unknown Date: 2019-10-27 04:32:25 Subject: [PATCH] 0 --- diff --git a/bootstrap.d/11-apt.sh b/bootstrap.d/11-apt.sh index 2c1ad4b..3699de0 100644 --- a/bootstrap.d/11-apt.sh +++ b/bootstrap.d/11-apt.sh @@ -16,9 +16,14 @@ install_readonly files/apt/sources.list "${ETC_DIR}/apt/sources.list" # Use specified APT server and release sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" "${ETC_DIR}/apt/sources.list" + +#Fix for changing path for security updates in testing/bullseye if [ "$RELEASE" = "testing" ] ; then sed -i "s,stretch\\/updates,testing-security," "${ETC_DIR}/apt/sources.list" -else +fi + +if [ -z "$RELEASE" ] ; then +# Change release in sources list sed -i "s/ stretch/ ${RELEASE}/" "${ETC_DIR}/apt/sources.list" fi diff --git a/bootstrap.d/14-fstab.sh b/bootstrap.d/14-fstab.sh index 398ac51..c8461a4 100644 --- a/bootstrap.d/14-fstab.sh +++ b/bootstrap.d/14-fstab.sh @@ -8,23 +8,20 @@ # Install and setup fstab install_readonly files/mount/fstab "${ETC_DIR}/fstab" -# Add usb/sda disk root partition to fstab -if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ] ; then - sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab" -fi - -if [ "$ENABLE_USBBOOT" = true ] ; then +#USB BOOT /boot on sda1 / on sda2 +if [ "$ENABLE_USBBOOT" = true ] && [ "$ENABLE_CRYPTFS" = false ]; then sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/fstab" fi +# Add usb/sda disk root partition to fstab +if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_CRYPTFS" = false ]; then + sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/fstab" +fi + # Generate initramfs file if [ "$ENABLE_INITRAMFS" = true ] ; then if [ "$ENABLE_CRYPTFS" = true ] ; then - if [ "$ENABLE_USBBOOT" = true ] ; then - # Add usb/sda2 disk to crypttab - sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" - fi # Include initramfs scripts to auto expand encrypted root partition if [ "$EXPANDROOT" = true ] ; then @@ -39,9 +36,15 @@ if [ "$ENABLE_INITRAMFS" = true ] ; then # Add encrypted partition to crypttab and fstab install_readonly files/mount/crypttab "${ETC_DIR}/crypttab" echo "${CRYPTFS_MAPPING} /dev/mmcblk0p2 none luks,initramfs" >> "${ETC_DIR}/crypttab" + + if [ "$ENABLE_USBBOOT" = true ] && [ "$ENABLE_SPLITFS" = false ]; then + sed -i "s/mmcblk0p1/sda1/" "${ETC_DIR}/fstab" + # Add usb/sda2 disk to crypttab + sed -i "s/mmcblk0p2/sda2/" "${ETC_DIR}/crypttab" + fi # Add encrypted root partition to fstab and crypttab - if [ "$ENABLE_SPLITFS" = true ] ; then + if [ "$ENABLE_SPLITFS" = true ] && [ "$ENABLE_USBBOOT" = false ]; then # Add usb/sda1 disk to crypttab sed -i "s/mmcblk0p2/sda1/" "${ETC_DIR}/crypttab" fi @@ -56,9 +59,6 @@ if [ "$ENABLE_INITRAMFS" = true ] ; then # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf sed -i "\$a\nIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf - - #Regenerate initramfs - #chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" fi if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then @@ -100,10 +100,10 @@ if [ "$ENABLE_INITRAMFS" = true ] ; then fi # Add cryptsetup modules to initramfs - printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" + #printf "#\n# CRYPTSETUP: [ y | n ]\n#\n\nCRYPTSETUP=y\n" >> "${ETC_DIR}/initramfs-tools/conf-hook" # Dummy mapping required by mkinitramfs - echo "0 1 crypt $(echo "${CRYPTFS_CIPHER}" | cut -d ':' -f 1) ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" + echo "0 1 crypt "${CRYPTFS_CIPHER}" ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 0 7:0 4096" | chroot_exec dmsetup create "${CRYPTFS_MAPPING}" # Generate initramfs with encrypted root partition support chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh index 66196fb..c9215d8 100755 --- a/rpi23-gen-image.sh +++ b/rpi23-gen-image.sh @@ -863,7 +863,7 @@ mkdir -p "$BUILDDIR/mount/boot/firmware" mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware" # Copy all files from the chroot to the loop device mount point directory -rsync -a -v --stats --progress "${R}/" "$BUILDDIR/mount/" +rsync -a --progress "${R}/" "$BUILDDIR/mount/" # Unmount all temporary loop devices and mount points cleanup