@@ -0,0 +1,1 | |||||
|
1 | spoof warn |
@@ -8,7 +8,7 | |||||
8 | # Use proxy inside chroot |
|
8 | # Use proxy inside chroot | |
9 | if [ -z "$APT_PROXY" ] ; then |
|
9 | if [ -z "$APT_PROXY" ] ; then | |
10 | install_readonly files/apt/10proxy $R/etc/apt/apt.conf.d/10proxy |
|
10 | install_readonly files/apt/10proxy $R/etc/apt/apt.conf.d/10proxy | |
11 |
sed -i |
|
11 | sed -i "s/\"\"/\"${APT_PROXY}\"/" $R/etc/apt/apt.conf.d/10proxy | |
12 | fi |
|
12 | fi | |
13 |
|
13 | |||
14 | # Pin package flash-kernel to repositories.collabora.co.uk |
|
14 | # Pin package flash-kernel to repositories.collabora.co.uk | |
@@ -21,8 +21,8 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring | |||||
21 |
|
21 | |||
22 | # Set up initial sources.list |
|
22 | # Set up initial sources.list | |
23 | install_readonly files/apt/sources.list $R/etc/apt/sources.list |
|
23 | install_readonly files/apt/sources.list $R/etc/apt/sources.list | |
24 |
sed -i |
|
24 | sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" $R/etc/apt/sources.list | |
25 |
sed -i |
|
25 | sed -i "s/ jessie/ ${RELEASE}/" $R/etc/apt/sources.list | |
26 |
|
26 | |||
27 | # Upgrade package index and update all installed packages and changed dependencies |
|
27 | # Upgrade package index and update all installed packages and changed dependencies | |
28 | chroot_exec apt-get -qq -y update |
|
28 | chroot_exec apt-get -qq -y update |
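Review bot: The guard `if [ -z "$APT_PROXY" ] ; then` on line 9 is true only when APT_PROXY is empty, so the proxy file is installed exactly when no proxy is configured and skipped when one is; `if [ -n "$APT_PROXY" ] ; then` looks like what was intended. The `sed` on line 11 also uses `/` as its delimiter, while a proxy value is normally a URL containing `/`, so the expression would become invalid once the guard is corrected; `sed -i "s|\"\"|\"${APT_PROXY}\"|" $R/etc/apt/apt.conf.d/10proxy` avoids that. `${APT_SERVER}` and `${RELEASE}` on lines 24 and 25 are interpolated into sed expressions the same way, so those values are worth validating before they are used.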
@@ -19,40 +19,40 if [ "$ENABLE_MINBASE" = false ] ; then | |||||
19 | else |
|
19 | else | |
20 | # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale |
|
20 | # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale | |
21 | chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections |
|
21 | chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections | |
22 |
|
|
22 | sed -i "/en_US.UTF-8/s/^#//" $R/etc/locale.gen | |
23 | fi |
|
23 | fi | |
24 |
|
24 | |||
25 |
|
|
25 | sed -i "/${DEFLOCAL}/s/^#//" $R/etc/locale.gen | |
26 | chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections |
|
26 | chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections | |
27 | chroot_exec locale-gen |
|
27 | chroot_exec locale-gen | |
28 | chroot_exec update-locale LANG=${DEFLOCAL} |
|
28 | chroot_exec update-locale LANG=${DEFLOCAL} | |
29 |
|
29 | |||
30 | # Keyboard configuration, if requested |
|
30 | # Keyboard configuration, if requested | |
31 | if [ "$XKB_MODEL" != "" ] ; then |
|
31 | if [ "$XKB_MODEL" != "" ] ; then | |
32 |
|
|
32 | sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" $R/etc/default/keyboard | |
33 | fi |
|
33 | fi | |
34 | if [ "$XKB_LAYOUT" != "" ] ; then |
|
34 | if [ "$XKB_LAYOUT" != "" ] ; then | |
35 |
|
|
35 | sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" $R/etc/default/keyboard | |
36 | fi |
|
36 | fi | |
37 | if [ "$XKB_VARIANT" != "" ] ; then |
|
37 | if [ "$XKB_VARIANT" != "" ] ; then | |
38 |
|
|
38 | sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" $R/etc/default/keyboard | |
39 | fi |
|
39 | fi | |
40 | if [ "$XKB_OPTIONS" != "" ] ; then |
|
40 | if [ "$XKB_OPTIONS" != "" ] ; then | |
41 |
|
|
41 | sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" $R/etc/default/keyboard | |
42 | fi |
|
42 | fi | |
43 | chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration |
|
43 | chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration | |
44 |
|
44 | |||
45 | # Set up font console |
|
45 | # Set up font console | |
46 | case "${DEFLOCAL}" in |
|
46 | case "${DEFLOCAL}" in | |
47 | *UTF-8) |
|
47 | *UTF-8) | |
48 |
|
|
48 | sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' $R/etc/default/console-setup | |
49 | ;; |
|
49 | ;; | |
50 | *) |
|
50 | *) | |
51 |
|
|
51 | sed -i 's/^CHARMAP.*/CHARMAP="guess"/' $R/etc/default/console-setup | |
52 | ;; |
|
52 | ;; | |
53 | esac |
|
53 | esac | |
54 | chroot_exec dpkg-reconfigure -f noninteractive console-setup |
|
54 | chroot_exec dpkg-reconfigure -f noninteractive console-setup | |
55 | else |
|
55 | else # ENABLE_MINBASE=true | |
56 | # Set POSIX default locales |
|
56 | # Set POSIX default locales | |
57 | install_readonly files/locales/locale $R/etc/default/locale |
|
57 | install_readonly files/locales/locale $R/etc/default/locale | |
58 | fi |
|
58 | fi |
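Review bot: In `chroot_exec echo "locales ..." | debconf-set-selections` on lines 21 and 26 the pipe is parsed by the calling shell, so only `echo` goes through `chroot_exec` and `debconf-set-selections` runs outside it, writing to the build host's debconf database instead of the image's. This assumes `chroot_exec` simply runs its arguments inside `$R`; its definition is not visible here. Moving the wrapper to the consumer fixes the direction, e.g. `echo "locales locales/default_environment_locale select ${DEFLOCAL}" | chroot_exec debconf-set-selections`. The enclosing `if [ "$ENABLE_MINBASE" = false ]` starts above the hunk.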
@@ -48,7 +48,7 if [ "$BUILD_KERNEL" = true ] ; then | |||||
48 |
|
48 | |||
49 | # Install raspberry bootloader and flash-kernel |
|
49 | # Install raspberry bootloader and flash-kernel | |
50 | chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel |
|
50 | chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel | |
51 | else |
|
51 | else # BUILD_KERNEL=false | |
52 | # Kernel installation |
|
52 | # Kernel installation | |
53 | chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${COLLABORA_KERNEL} raspberrypi-bootloader-nokernel |
|
53 | chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${COLLABORA_KERNEL} raspberrypi-bootloader-nokernel | |
54 |
|
54 |
@@ -7,10 +7,10 | |||||
7 |
|
7 | |||
8 | # Set up IPv4 hosts |
|
8 | # Set up IPv4 hosts | |
9 | install_readonly files/network/hostname $R/etc/hostname |
|
9 | install_readonly files/network/hostname $R/etc/hostname | |
10 |
sed -i |
|
10 | sed -i "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname | |
11 |
|
11 | |||
12 | install_readonly files/network/hosts $R/etc/hosts |
|
12 | install_readonly files/network/hosts $R/etc/hosts | |
13 |
sed -i |
|
13 | sed -i "s/rpi2-jessie/${HOSTNAME}/" $R/etc/hosts | |
14 |
|
14 | |||
15 | if [ "$NET_ADDRESS" != "" ] ; then |
|
15 | if [ "$NET_ADDRESS" != "" ] ; then | |
16 | NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/') |
|
16 | NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/') | |
@@ -31,13 +31,14 fi | |||||
31 | install_readonly files/network/interfaces $R/etc/network/interfaces |
|
31 | install_readonly files/network/interfaces $R/etc/network/interfaces | |
32 |
|
32 | |||
33 | if [ "$ENABLE_DHCP" = true ] ; then |
|
33 | if [ "$ENABLE_DHCP" = true ] ; then | |
34 | # Enable systemd-networkd DHCP configuration for interface eth0 |
|
34 | # Enable systemd-networkd DHCP configuration for interface eth0 | |
35 | install_readonly files/network/eth.network $R/etc/systemd/network/eth.network |
|
35 | install_readonly files/network/eth.network $R/etc/systemd/network/eth.network | |
36 |
|
36 | |||
37 | # Set DHCP configuration to IPv4 only |
|
37 | # Set DHCP configuration to IPv4 only | |
38 | if [ "$ENABLE_IPV6" = false ] ; then |
|
38 | if [ "$ENABLE_IPV6" = false ] ; then | |
39 | sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network |
|
39 | sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network | |
40 | fi |
|
40 | fi | |
|
41 | ||||
41 | else # ENABLE_DHCP=false |
|
42 | else # ENABLE_DHCP=false | |
42 | cat <<EOM >$R/etc/systemd/network/eth.network |
|
43 | cat <<EOM >$R/etc/systemd/network/eth.network | |
43 | [Match] |
|
44 | [Match] | |
@@ -62,8 +63,6 chroot_exec systemctl enable systemd-networkd | |||||
62 | if [ "$ENABLE_HARDNET" = true ] ; then |
|
63 | if [ "$ENABLE_HARDNET" = true ] ; then | |
63 | install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf |
|
64 | install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf | |
64 |
|
65 | |||
65 | # Enable resolver warnings about spoofed addresses |
|
66 | # Enable resolver warnings about spoofed addresses | |
66 | cat <<EOM >>$R/etc/host.conf |
|
67 | install_readonly files/network/host.conf $R/etc/host.conf | |
67 | spoof warn |
|
|||
68 | EOM |
|
|||
69 | fi |
|
68 | fi |
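Review bot: Line 67 now installs `files/network/host.conf` over `$R/etc/host.conf`, where the removed here-document appended with `>>`. The new file holds only `spoof warn`, so if `install_readonly` overwrites its target (its definition is not shown), whatever the base system shipped in host.conf is dropped; on Debian that is typically `multi on`. Either carry those defaults in `files/network/host.conf` or keep appending, and state the intent above the call, e.g. `# Replaces /etc/host.conf entirely; files/network/host.conf must carry every setting the image needs`. Separately, `${HOSTNAME}` is interpolated unescaped into the sed expressions on lines 10 and 13, so a value containing `/` or `&` would corrupt the substitution.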
@@ -37,8 +37,8 if [ "$ENABLE_IPTABLES" = true ] ; then | |||||
37 | fi |
|
37 | fi | |
38 | fi |
|
38 | fi | |
39 |
|
39 | |||
40 | # Remove SSHD related iptables rules |
|
|||
41 | if [ "$ENABLE_SSHD" = false ] ; then |
|
40 | if [ "$ENABLE_SSHD" = false ] ; then | |
42 | sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null |
|
41 | # Remove SSHD related iptables rules | |
43 |
sed |
|
42 | sed -i "/^#/! {/SSH/ s/^/# /}" $R/etc/iptables/iptables.rules 2> /dev/null | |
|
43 | sed -i "/^#/! {/SSH/ s/^/# /}" $R/etc/iptables/ip6tables.rules 2> /dev/null | |||
44 | fi |
|
44 | fi |
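Review bot: Both `sed` calls on lines 42 and 43 discard stderr with `2> /dev/null` and their exit status is not checked, so a missing rules file or a failed edit leaves the SSH rules active with no sign of it in the build output. An explicit existence test is clearer than silencing the error, e.g. `[ -f $R/etc/iptables/ip6tables.rules ] && sed -i "/^#/! {/SSH/ s/^/# /}" $R/etc/iptables/ip6tables.rules`, and the same for `iptables.rules`. The block appears to sit after the `fi` that closes the `ENABLE_IPTABLES` branch, but that structure starts above the hunk, so the nesting is inferred.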
@@ -19,9 +19,10 if [ "$ENABLE_ROOT" = true ]; then | |||||
19 | chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root |
|
19 | chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root | |
20 |
|
20 | |||
21 | if [ "$ENABLE_ROOT_SSH" = true ]; then |
|
21 | if [ "$ENABLE_ROOT_SSH" = true ]; then | |
22 |
sed -i |
|
22 | sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" $R/etc/ssh/sshd_config | |
23 | fi |
|
23 | fi | |
24 | else |
|
24 | else | |
|
25 | # Set no root password to disable root login | |||
25 | chroot_exec usermod -p \'!\' root |
|
26 | chroot_exec usermod -p \'!\' root | |
26 | fi |
|
27 | fi | |
27 |
|
28 |
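Review bot: The comment added on line 25, `# Set no root password to disable root login`, does not match the command below it. `usermod -p \'!\' root` writes `!` into the password field, which locks password authentication rather than leaving the account without a password. Suggested wording: `# Lock the root password ('!' is not a valid hash) so root cannot log in with a password`. This branch does not touch `PermitRootLogin`, so whether root can still log in over SSH by other means depends on the sshd configuration set elsewhere. The enclosing `if [ "$ENABLE_ROOT" = true ]` starts above the hunk.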
@@ -7,7 +7,7 | |||||
7 |
|
7 | |||
8 | # Disable rsyslog |
|
8 | # Disable rsyslog | |
9 | if [ "$ENABLE_RSYSLOG" = false ]; then |
|
9 | if [ "$ENABLE_RSYSLOG" = false ]; then | |
10 |
sed -i |
|
10 | sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" $R/etc/systemd/journald.conf | |
11 | chroot_exec systemctl disable rsyslog |
|
11 | chroot_exec systemctl disable rsyslog | |
12 | chroot_exec apt-get purge -q -y --force-yes rsyslog |
|
12 | chroot_exec apt-get purge -q -y --force-yes rsyslog | |
13 | fi |
|
13 | fi |
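Review bot: `apt-get purge -q -y --force-yes rsyslog` on line 12 passes `--force-yes`, which apt documents as a dangerous option because it lets the run continue through operations apt would otherwise stop on. Removing a single package needs no such override, so `chroot_exec apt-get purge -q -y rsyslog` is enough. The same flag is visible in the hunk header of the apt script (`apt-get -qq -y --force-yes install collabora-obs-archive-keyring`), where it also lets a package that fails authentication install without a prompt. That is worth a separate look, since that package delivers the repository keyring.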