##// END OF EJS Templates
code cleanup and even more spliting
Jan Wagner -
r70:94ac6dc790aa
parent child
Show More
@@ -0,0 +1,1
1 spoof warn
@@ -8,7 +8,7
8 # Use proxy inside chroot
8 # Use proxy inside chroot
9 if [ -z "$APT_PROXY" ] ; then
9 if [ -z "$APT_PROXY" ] ; then
10 install_readonly files/apt/10proxy $R/etc/apt/apt.conf.d/10proxy
10 install_readonly files/apt/10proxy $R/etc/apt/apt.conf.d/10proxy
11 sed -i -e "s/\"\"/\"${APT_PROXY}\"/" $R/etc/apt/apt.conf.d/10proxy
11 sed -i "s/\"\"/\"${APT_PROXY}\"/" $R/etc/apt/apt.conf.d/10proxy
12 fi
12 fi
13
13
14 # Pin package flash-kernel to repositories.collabora.co.uk
14 # Pin package flash-kernel to repositories.collabora.co.uk
@@ -21,8 +21,8 chroot_exec apt-get -qq -y --force-yes install collabora-obs-archive-keyring
21
21
22 # Set up initial sources.list
22 # Set up initial sources.list
23 install_readonly files/apt/sources.list $R/etc/apt/sources.list
23 install_readonly files/apt/sources.list $R/etc/apt/sources.list
24 sed -i -e "s/\/ftp.debian.org\//\/${APT_SERVER}\//" $R/etc/apt/sources.list
24 sed -i "s/\/ftp.debian.org\//\/${APT_SERVER}\//" $R/etc/apt/sources.list
25 sed -i -e "s/ jessie/ ${RELEASE}/" $R/etc/apt/sources.list
25 sed -i "s/ jessie/ ${RELEASE}/" $R/etc/apt/sources.list
26
26
27 # Upgrade package index and update all installed packages and changed dependencies
27 # Upgrade package index and update all installed packages and changed dependencies
28 chroot_exec apt-get -qq -y update
28 chroot_exec apt-get -qq -y update
@@ -19,40 +19,40 if [ "$ENABLE_MINBASE" = false ] ; then
19 else
19 else
20 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
20 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
21 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
21 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
22 chroot_exec sed -i "/en_US.UTF-8/s/^#//" /etc/locale.gen
22 sed -i "/en_US.UTF-8/s/^#//" $R/etc/locale.gen
23 fi
23 fi
24
24
25 chroot_exec sed -i "/${DEFLOCAL}/s/^#//" /etc/locale.gen
25 sed -i "/${DEFLOCAL}/s/^#//" $R/etc/locale.gen
26 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
26 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
27 chroot_exec locale-gen
27 chroot_exec locale-gen
28 chroot_exec update-locale LANG=${DEFLOCAL}
28 chroot_exec update-locale LANG=${DEFLOCAL}
29
29
30 # Keyboard configuration, if requested
30 # Keyboard configuration, if requested
31 if [ "$XKB_MODEL" != "" ] ; then
31 if [ "$XKB_MODEL" != "" ] ; then
32 chroot_exec sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" /etc/default/keyboard
32 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" $R/etc/default/keyboard
33 fi
33 fi
34 if [ "$XKB_LAYOUT" != "" ] ; then
34 if [ "$XKB_LAYOUT" != "" ] ; then
35 chroot_exec sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" /etc/default/keyboard
35 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" $R/etc/default/keyboard
36 fi
36 fi
37 if [ "$XKB_VARIANT" != "" ] ; then
37 if [ "$XKB_VARIANT" != "" ] ; then
38 chroot_exec sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" /etc/default/keyboard
38 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" $R/etc/default/keyboard
39 fi
39 fi
40 if [ "$XKB_OPTIONS" != "" ] ; then
40 if [ "$XKB_OPTIONS" != "" ] ; then
41 chroot_exec sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" /etc/default/keyboard
41 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" $R/etc/default/keyboard
42 fi
42 fi
43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
43 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
44
44
45 # Set up font console
45 # Set up font console
46 case "${DEFLOCAL}" in
46 case "${DEFLOCAL}" in
47 *UTF-8)
47 *UTF-8)
48 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' /etc/default/console-setup
48 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' $R/etc/default/console-setup
49 ;;
49 ;;
50 *)
50 *)
51 chroot_exec sed -i 's/^CHARMAP.*/CHARMAP="guess"/' /etc/default/console-setup
51 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' $R/etc/default/console-setup
52 ;;
52 ;;
53 esac
53 esac
54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
54 chroot_exec dpkg-reconfigure -f noninteractive console-setup
55 else
55 else # ENABLE_MINBASE=true
56 # Set POSIX default locales
56 # Set POSIX default locales
57 install_readonly files/locales/locale $R/etc/default/locale
57 install_readonly files/locales/locale $R/etc/default/locale
58 fi
58 fi
@@ -48,7 +48,7 if [ "$BUILD_KERNEL" = true ] ; then
48
48
49 # Install raspberry bootloader and flash-kernel
49 # Install raspberry bootloader and flash-kernel
50 chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel
50 chroot_exec apt-get -qq -y --no-install-recommends install raspberrypi-bootloader-nokernel
51 else
51 else # BUILD_KERNEL=false
52 # Kernel installation
52 # Kernel installation
53 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${COLLABORA_KERNEL} raspberrypi-bootloader-nokernel
53 chroot_exec apt-get -qq -y --no-install-recommends install linux-image-${COLLABORA_KERNEL} raspberrypi-bootloader-nokernel
54
54
@@ -7,10 +7,10
7
7
8 # Set up IPv4 hosts
8 # Set up IPv4 hosts
9 install_readonly files/network/hostname $R/etc/hostname
9 install_readonly files/network/hostname $R/etc/hostname
10 sed -i -e "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname
10 sed -i "s/^rpi2-jessie/${HOSTNAME}/" $R/etc/hostname
11
11
12 install_readonly files/network/hosts $R/etc/hosts
12 install_readonly files/network/hosts $R/etc/hosts
13 sed -i -e "s/rpi2-jessie/${HOSTNAME}/" $R/etc/hosts
13 sed -i "s/rpi2-jessie/${HOSTNAME}/" $R/etc/hosts
14
14
15 if [ "$NET_ADDRESS" != "" ] ; then
15 if [ "$NET_ADDRESS" != "" ] ; then
16 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
16 NET_IP=$(echo ${NET_ADDRESS} | cut -f 1 -d'/')
@@ -31,13 +31,14 fi
31 install_readonly files/network/interfaces $R/etc/network/interfaces
31 install_readonly files/network/interfaces $R/etc/network/interfaces
32
32
33 if [ "$ENABLE_DHCP" = true ] ; then
33 if [ "$ENABLE_DHCP" = true ] ; then
34 # Enable systemd-networkd DHCP configuration for interface eth0
34 # Enable systemd-networkd DHCP configuration for interface eth0
35 install_readonly files/network/eth.network $R/etc/systemd/network/eth.network
35 install_readonly files/network/eth.network $R/etc/systemd/network/eth.network
36
36
37 # Set DHCP configuration to IPv4 only
37 # Set DHCP configuration to IPv4 only
38 if [ "$ENABLE_IPV6" = false ] ; then
38 if [ "$ENABLE_IPV6" = false ] ; then
39 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
39 sed -i "s/^DHCP=yes/DHCP=v4/" $R/etc/systemd/network/eth.network
40 fi
40 fi
41
41 else # ENABLE_DHCP=false
42 else # ENABLE_DHCP=false
42 cat <<EOM >$R/etc/systemd/network/eth.network
43 cat <<EOM >$R/etc/systemd/network/eth.network
43 [Match]
44 [Match]
@@ -62,8 +63,6 chroot_exec systemctl enable systemd-networkd
62 if [ "$ENABLE_HARDNET" = true ] ; then
63 if [ "$ENABLE_HARDNET" = true ] ; then
63 install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf
64 install_readonly files/sysctl.d/82-rpi-net-hardening.conf $R/etc/sysctl.d/82-rpi-net-hardening.conf
64
65
65 # Enable resolver warnings about spoofed addresses
66 # Enable resolver warnings about spoofed addresses
66 cat <<EOM >>$R/etc/host.conf
67 install_readonly files/network/host.conf $R/etc/host.conf
67 spoof warn
68 EOM
69 fi
68 fi
@@ -37,8 +37,8 if [ "$ENABLE_IPTABLES" = true ] ; then
37 fi
37 fi
38 fi
38 fi
39
39
40 # Remove SSHD related iptables rules
41 if [ "$ENABLE_SSHD" = false ] ; then
40 if [ "$ENABLE_SSHD" = false ] ; then
42 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/iptables.rules 2> /dev/null
41 # Remove SSHD related iptables rules
43 sed -e '/^#/! {/SSH/ s/^/# /}' -i $R/etc/iptables/ip6tables.rules 2> /dev/null
42 sed -i "/^#/! {/SSH/ s/^/# /}" $R/etc/iptables/iptables.rules 2> /dev/null
43 sed -i "/^#/! {/SSH/ s/^/# /}" $R/etc/iptables/ip6tables.rules 2> /dev/null
44 fi
44 fi
@@ -19,9 +19,10 if [ "$ENABLE_ROOT" = true ]; then
19 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
19 chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root
20
20
21 if [ "$ENABLE_ROOT_SSH" = true ]; then
21 if [ "$ENABLE_ROOT_SSH" = true ]; then
22 sed -i 's|[#]*PermitRootLogin.*|PermitRootLogin yes|g' $R/etc/ssh/sshd_config
22 sed -i "s|[#]*PermitRootLogin.*|PermitRootLogin yes|g" $R/etc/ssh/sshd_config
23 fi
23 fi
24 else
24 else
25 # Set no root password to disable root login
25 chroot_exec usermod -p \'!\' root
26 chroot_exec usermod -p \'!\' root
26 fi
27 fi
27
28
@@ -7,7 +7,7
7
7
8 # Disable rsyslog
8 # Disable rsyslog
9 if [ "$ENABLE_RSYSLOG" = false ]; then
9 if [ "$ENABLE_RSYSLOG" = false ]; then
10 sed -i 's|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g' $R/etc/systemd/journald.conf
10 sed -i "s|[#]*ForwardToSyslog=yes|ForwardToSyslog=no|g" $R/etc/systemd/journald.conf
11 chroot_exec systemctl disable rsyslog
11 chroot_exec systemctl disable rsyslog
12 chroot_exec apt-get purge -q -y --force-yes rsyslog
12 chroot_exec apt-get purge -q -y --force-yes rsyslog
13 fi
13 fi
@@ -18,6 +18,7
18 # Load utility functions
18 # Load utility functions
19 . ./functions.sh
19 . ./functions.sh
20
20
21 # Introduce settings
21 set -e
22 set -e
22 echo -n -e "\n#\n# RPi2 Bootstrap Settings\n#\n"
23 echo -n -e "\n#\n# RPi2 Bootstrap Settings\n#\n"
23 set -x
24 set -x
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant