Raspi2-3_GenImage Commit - r571:074c6821037d · Collaboration Tremplin des Sciences

1

#

1

#

2

# Setup Networking

2

# Setup Networking

3

#

3

#

4

5

# Load utility functions

5

# Load utility functions

6

. ./functions.sh

6

. ./functions.sh

7

8

# Install and setup hostname

8

# Install and setup hostname

9

install_readonly files/network/hostname "${ETC_DIR}/hostname"

9

install_readonly files/network/hostname "${ETC_DIR}/hostname"

10

sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"

10

sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"

11

12

# Install and setup hosts

12

# Install and setup hosts

13

install_readonly files/network/hosts "${ETC_DIR}/hosts"

13

install_readonly files/network/hosts "${ETC_DIR}/hosts"

14

sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"

14

sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"

15

16

# Setup hostname entry with static IP

16

# Setup hostname entry with static IP

17

if [ "$NET_ADDRESS" != "" ] ; then

17

if [ "$NET_ADDRESS" != "" ] ; then

18

NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')

18

NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')

19

sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"

19

sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"

20

fi

20

fi

21

22

# Remove IPv6 hosts

22

# Remove IPv6 hosts

23

if [ "$ENABLE_IPV6" = false ] ; then

23

if [ "$ENABLE_IPV6" = false ] ; then

24

sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"

24

sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"

25

fi

25

fi

26

27

# Install hint about network configuration

27

# Install hint about network configuration

28

install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"

28

install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"

29

30

# Install configuration for interface eth0

30

# Install configuration for interface eth0

31

install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"

31

install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"

32

33

if [ "$RPI_MODEL" = 3P ] ; then

34

printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"

35

fi

36

33

# Install configuration for interface wl*

37

# Install configuration for interface wl*

34

install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"

38

install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"

35

39

36

#always with dhcp since wpa_supplicant integration is missing

40

#always with dhcp since wpa_supplicant integration is missing

37

sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"

41

sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"

38

42

39

if [ "$ENABLE_DHCP" = true ] ; then

43

if [ "$ENABLE_DHCP" = true ] ; then

40

# Enable DHCP configuration for interface eth0

44

# Enable DHCP configuration for interface eth0

41

sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"

45

sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"

42

46

43

# Set DHCP configuration to IPv4 only

47

# Set DHCP configuration to IPv4 only

44

if [ "$ENABLE_IPV6" = false ] ; then

48

if [ "$ENABLE_IPV6" = false ] ; then

45

sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"

49

sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"

46

fi

50

fi

47

51

48

else # ENABLE_DHCP=false

52

else # ENABLE_DHCP=false

49

# Set static network configuration for interface eth0

53

# Set static network configuration for interface eth0

50

sed -i\

54

sed -i\

51

-e "s|DHCP=.*|DHCP=no|"\

55

-e "s|DHCP=.*|DHCP=no|"\

52

-e "s|Address=\$|Address=${NET_ADDRESS}|"\

56

-e "s|Address=\$|Address=${NET_ADDRESS}|"\

53

-e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\

57

-e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\

54

-e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\

58

-e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\

55

-e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\

59

-e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\

56

-e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\

60

-e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\

57

-e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\

61

-e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\

58

-e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\

62

-e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\

59

"${ETC_DIR}/systemd/network/eth.network"

63

"${ETC_DIR}/systemd/network/eth.network"

60

fi

64

fi

61

65

62

# Remove empty settings from network configuration

66

# Remove empty settings from network configuration

63

sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"

67

sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"

64

# Remove empty settings from wlan configuration

68

# Remove empty settings from wlan configuration

65

sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"

69

sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"

66

70

67

# Move systemd network configuration if required by Debian release

71

# Move systemd network configuration if required by Debian release

68

mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"

72

mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"

69

# If WLAN is enabled copy wlan configuration too

73

# If WLAN is enabled copy wlan configuration too

70

if [ "$ENABLE_WIRELESS" = true ] ; then

74

if [ "$ENABLE_WIRELESS" = true ] ; then

71

mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"

75

mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"

72

fi

76

fi

73

rm -fr "${ETC_DIR}/systemd/network"

77

rm -fr "${ETC_DIR}/systemd/network"

74

78

75

# Enable systemd-networkd service

79

# Enable systemd-networkd service

76

chroot_exec systemctl enable systemd-networkd

80

chroot_exec systemctl enable systemd-networkd

77

81

78

# Install host.conf resolver configuration

82

# Install host.conf resolver configuration

79

install_readonly files/network/host.conf "${ETC_DIR}/host.conf"

83

install_readonly files/network/host.conf "${ETC_DIR}/host.conf"

80

84

81

# Enable network stack hardening

85

# Enable network stack hardening

82

if [ "$ENABLE_HARDNET" = true ] ; then

86

if [ "$ENABLE_HARDNET" = true ] ; then

83

# Install sysctl.d configuration files

87

# Install sysctl.d configuration files

84

install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"

88

install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"

85

89

86

# Setup resolver warnings about spoofed addresses

90

# Setup resolver warnings about spoofed addresses

87

sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"

91

sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"

88

fi

92

fi

89

93

90

# Enable time sync

94

# Enable time sync

91

if [ "$NET_NTP_1" != "" ] ; then

95

if [ "$NET_NTP_1" != "" ] ; then

92

chroot_exec systemctl enable systemd-timesyncd.service

96

chroot_exec systemctl enable systemd-timesyncd.service

93

fi

97

fi

94

98

95

# Download the firmware binary blob required to use the RPi3 wireless interface

99

# Download the firmware binary blob required to use the RPi3 wireless interface

96

if [ "$ENABLE_WIRELESS" = true ] ; then

100

if [ "$ENABLE_WIRELESS" = true ] ; then

97

if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then

101

if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then

98

mkdir -p "${WLAN_FIRMWARE_DIR}"

102

mkdir -p "${WLAN_FIRMWARE_DIR}"

99

fi

103

fi

100

104

101

# Create temporary directory for firmware binary blob

105

# Create temporary directory for firmware binary blob

102

temp_dir=$(as_nobody mktemp -d)

106

temp_dir=$(as_nobody mktemp -d)

103

107

104

# Fetch firmware binary blob for RPI3B+

108

# Fetch firmware binary blob for RPI3B+

105

if [ "$RPI_MODEL" = 3P ] ; then

109

if [ "$RPI_MODEL" = 3P ] ; then

106

# Fetch firmware binary blob for RPi3P

110

# Fetch firmware binary blob for RPi3P

107

as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"

111

as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"

108

as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"

112

as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"

109

as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"

113

as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"

110

114

111

# Move downloaded firmware binary blob

115

# Move downloaded firmware binary blob

112

mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"

116

mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"

113

117

114

# Set permissions of the firmware binary blob

118

# Set permissions of the firmware binary blob

115

chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*

119

chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*

116

chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*

120

chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*

117

elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then

121

elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then

118

# Fetch firmware binary blob for RPi3

122

# Fetch firmware binary blob for RPi3

119

as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"

123

as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"

120

as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"

124

as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"

121

125

122

# Move downloaded firmware binary blob

126

# Move downloaded firmware binary blob

123

mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"

127

mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"

124

128

125

# Set permissions of the firmware binary blob

129

# Set permissions of the firmware binary blob

126

chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*

130

chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*

127

chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*

131

chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*

128

fi

132

fi

129

133

130

# Remove temporary directory for firmware binary blob

134

# Remove temporary directory for firmware binary blob

131

rm -fr "${temp_dir}"

135

rm -fr "${temp_dir}"

132

fi

136

fi

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

@@ -0,0 +1,2
	1	# ASLR
	2	kernel.randomize_va_space = 2 No newline at end of file

             #
             # Setup Networking
             #
             # Load utility functions
             . ./functions.sh
             # Install and setup hostname
             install_readonly files/network/hostname "${ETC_DIR}/hostname"
             sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
             # Install and setup hosts
             install_readonly files/network/hosts "${ETC_DIR}/hosts"
             sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
             # Setup hostname entry with static IP
             if [ "$NET_ADDRESS" != "" ] ; then
               NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
               sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
             fi
             # Remove IPv6 hosts
             if [ "$ENABLE_IPV6" = false ] ; then
               sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
             fi
             # Install hint about network configuration
             install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
             # Install configuration for interface eth0
             install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
+            if [ "$RPI_MODEL" = 3P ] ; then
+            printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
+            fi
             # Install configuration for interface wl*
             install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
             #always with dhcp since wpa_supplicant integration is missing
             sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
             if [ "$ENABLE_DHCP" = true ] ; then
               # Enable DHCP configuration for interface eth0
               sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
               # Set DHCP configuration to IPv4 only
               if [ "$ENABLE_IPV6" = false ] ; then
                 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
               fi
             else # ENABLE_DHCP=false
               # Set static network configuration for interface eth0
               sed -i\
               -e "s|DHCP=.*|DHCP=no|"\
               -e "s|Address=\$|Address=${NET_ADDRESS}|"\
               -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
               -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
               -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
               -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
               -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
               -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
               "${ETC_DIR}/systemd/network/eth.network"
             fi
             # Remove empty settings from network configuration
             sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
             # Remove empty settings from wlan configuration
             sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
             # Move systemd network configuration if required by Debian release
             mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
             # If WLAN is enabled copy wlan configuration too
             if [ "$ENABLE_WIRELESS" = true ] ; then
               mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
             fi
             rm -fr "${ETC_DIR}/systemd/network"
             # Enable systemd-networkd service
             chroot_exec systemctl enable systemd-networkd
             # Install host.conf resolver configuration
             install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
             # Enable network stack hardening
             if [ "$ENABLE_HARDNET" = true ] ; then
               # Install sysctl.d configuration files
               install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
               # Setup resolver warnings about spoofed addresses
               sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
             fi
             # Enable time sync
             if [ "$NET_NTP_1" != "" ] ; then
               chroot_exec systemctl enable systemd-timesyncd.service
             fi
             # Download the firmware binary blob required to use the RPi3 wireless interface
             if [ "$ENABLE_WIRELESS" = true ] ; then
               if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
                 mkdir -p "${WLAN_FIRMWARE_DIR}"
               fi
               # Create temporary directory for firmware binary blob
               temp_dir=$(as_nobody mktemp -d)
               # Fetch firmware binary blob for RPI3B+
               if [ "$RPI_MODEL" = 3P ] ; then
                 # Fetch firmware binary blob for RPi3P
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
             	# Move downloaded firmware binary blob
             	mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
             	# Set permissions of the firmware binary blob
             	chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
                 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
               elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
                 # Fetch firmware binary blob for RPi3
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
                 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
             	# Move downloaded firmware binary blob
             	mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
             	# Set permissions of the firmware binary blob
             	chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
                 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
               fi
               # Remove temporary directory for firmware binary blob
               rm -fr "${temp_dir}"
             fi