Raspi2-3_GenImage Commit - r16:b5764ed82a73 · Collaboration Tremplin des Sciences

Added: ENABLE_MINBASE, Fix: Use systemd-networkd

Jan Wagner -

r16:b5764ed82a73

parent child

Context file:

r16:b5764ed82a73

Collapse all files

README.md +19 -15

             ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
             ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
             APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
+            ENABLE_MINBASE=true ./rpi2-gen-image.sh
              ```
             #### APT settings:
             #### General system settings:
             ##### `HOSTNAME`="rpi2-jessie"
-            Set system host name. It is recommended that the host name is unique in the corresponding subnet.
+            Set system host name. It's recommended that the host name is unique in the corresponding subnet.
             ##### `PASSWORD`="raspberry"
-            Set system root password. It is **STRONGLY** recommended that you choose a custom password.
+            Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
             ##### `DEFLOCAL`="en_US.UTF-8"
-            Set default system locale and keyboard layout. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command.
+            Set default system locale and keyboard layout. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
             ##### `TIMEZONE`="Europe/Berlin"
             Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
             #### Basic system features:
             ##### `ENABLE_CONSOLE`=true
-            Enable console output
+            Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
             ##### `ENABLE_IPV6`=true
-            Enable IPv6 support
+            Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
             ##### `ENABLE_SSHD`=true
-            Install and enable OpenSSH service
+            Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
             ##### `ENABLE_SOUND`=true
-            Enable sound hardware and install Advanced Linux Sound Architecture
+            Enable sound hardware and install Advanced Linux Sound Architecture.
             ##### `ENABLE_HWRANDOM`=true
-            Enable Hardware Random Number Generator
+            Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
             ##### `ENABLE_MINGPU`=false
-            Minimize the amount of shared memory reserverd for the GPU
+            Minimize the amount of shared memory reserverd for the GPU. It doesn't seem to be possible to fully disable the GPU.
             ##### `ENABLE_DBUS`=true
-            Install and enable D-Bus message bus
+            Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
             ##### `ENABLE_XORG`=false
-            Install Xorg open-source X Window System
+            Install Xorg open-source X Window System.
             ##### `ENABLE_FLUXBOX`=false
-            Install Fluxbox window manager for the X Window System
+            Install Fluxbox window manager for the X Window System.
             #### Advanced sytem features:
+            ##### `ENABLE_MINBASE`=false
+            Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
             ##### `ENABLE_UBOOT`=false
-            Replace default RPi bootloader with U-Boot bootloader
+            Replace default RPi bootloader with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
             ##### `ENABLE_IPTABLES`=false
-            Enable iptables IPv4/IPv6 firewall
+            Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
             ##### `ENABLE_HARDNET`=false
-            Enable IPv4/IPv6 network stack hardening settings
+            Enable IPv4/IPv6 network stack hardening settings.
             ## Logging of the bootstrapping process
             All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:

rpi2-gen-image.sh +36 -2

             ENABLE_FLUXBOX=${ENABLE_FLUXBOX:=false}
             # Advanced settings
+            ENABLE_MINBASE=${ENABLE_MINBASE:=false}
             ENABLE_UBOOT=${ENABLE_UBOOT:=false}
             ENABLE_HARDNET=${ENABLE_HARDNET:=false}
             ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
             MISSING_PACKAGES=""
             # Packages required in the chroot build enviroment
-            APT_INCLUDES="apt-transport-https,ca-certificates,debian-archive-keyring,dialog,locales"
+            APT_INCLUDES="apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
             set +x
             # Set up chroot directory
             mkdir -p $R
+            # Add required packages for the minbase installation
+            if [ "$ENABLE_MINBASE" = true ] ; then
+              APT_INCLUDES="${APT_INCLUDES},vim-tiny,net-tools"
+            else
+              APT_INCLUDES="${APT_INCLUDES},locales"
+            fi
             # Add dbus package, recommended if using systemd
             if [ "$ENABLE_DBUS" = true ] ; then
               APT_INCLUDES="${APT_INCLUDES},dbus"
               APT_INCLUDES="${APT_INCLUDES},fluxbox,eterm"
             fi
+            # Set empty proxy string
             if [ -z "$APT_PROXY" ] ; then
               APT_PROXY="http://"
             fi
             # Base debootstrap (unpack only)
+            if [ "$ENABLE_MINBASE" = true ] ; then
+              debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R ${APT_PROXY}${APT_SERVER}/debian
+            else
               debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R ${APT_PROXY}${APT_SERVER}/debian
+            fi
+            # Copy qemu emulator binary to chroot
             cp /usr/bin/qemu-arm-static $R/usr/bin
             # Copy debian-archive-keyring.pgp
             LANG=C chroot $R dpkg-reconfigure -f noninteractive tzdata
             # Set up default locales to "en_US.UTF-8" default
+            if [ "$ENABLE_MINBASE" = false ] ; then
               LANG=C chroot $R sed -i '/${DEFLOCAL}/s/^#//' /etc/locale.gen
               LANG=C chroot $R locale-gen ${DEFLOCAL}
+            fi
             # Upgrade collabora package index and install collabora keyring
             echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
               LANG=C chroot $R mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
               # Remove gcc/c++ build enviroment
-              LANG=C chroot $R apt-get purge -y bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
+              LANG=C chroot $R apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
             fi
+            # Enable systemd-networkd DHCP configuration for the eth0 interface
+            printf "[Match]\nName=eth0\n\n[Network]\nDHCP=yes\n" > $R/etc/systemd/network/eth.network
+            # Set DHCP configuration to IPv4 only
+            if [ "$ENABLE_IPV6" = false ] ; then
+              sed -i "s/=yes/=v4/" $R/etc/systemd/network/eth.network
+            fi
+            # Enable systemd-networkd service
+            LANG=C chroot $R systemctl enable systemd-networkd
+            # Place hint about netowrk configuration
+            cat <<EOM >$R/etc/network/interfaces
+            # Debian switched to systemd-networkd configuration files.
+            # please configure your networks in '/etc/systemd/network/'
+            EOM
             # Clean cached downloads
             LANG=C chroot $R apt-get -y clean
             LANG=C chroot $R apt-get -y autoclean

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages