Raspi2-3_GenImage Commit - r16:b5764ed82a73 · Collaboration Tremplin des Sciences

Added: ENABLE_MINBASE, Fix: Use systemd-networkd

Jan Wagner -

r16:b5764ed82a73

parent child

Context file:

r16:b5764ed82a73

Collapse all files

README.md +19 -15

              ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi2-gen-image.sh
              ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi2-gen-image.sh
              APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi2-gen-image.sh
+             ENABLE_MINBASE=true ./rpi2-gen-image.sh
               ```
              #### APT settings:
              #### General system settings:
              ##### `HOSTNAME`="rpi2-jessie"
-             Set system host name. It is recommended that the host name is unique in the corresponding subnet.
+             Set system host name. It's recommended that the host name is unique in the corresponding subnet.
-             ##### `PASSWORD`="raspberry"
-             Set system root password. It is **STRONGLY** recommended that you choose a custom password.
+             Set system `root` password. The same password is used for the created user `pi`. It's **STRONGLY** recommended that you choose a custom password.
              ##### `DEFLOCAL`="en_US.UTF-8"
-             Set default system locale and keyboard layout. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command.
+             Set default system locale and keyboard layout. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. The script variant `minbase` (ENABLE_MINBASE=true) doesn't install `locales`.
-             ##### `TIMEZONE`="Europe/Berlin"
              Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
-             #### Basic system features:
-             ##### `ENABLE_CONSOLE`=true
-             Enable console output
+             Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system.
-             ##### `ENABLE_IPV6`=true
-             Enable IPv6 support
+             Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
-             ##### `ENABLE_SSHD`=true
-             Install and enable OpenSSH service
+             Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
              ##### `ENABLE_SOUND`=true
-             Enable sound hardware and install Advanced Linux Sound Architecture
+             Enable sound hardware and install Advanced Linux Sound Architecture.
              ##### `ENABLE_HWRANDOM`=true
-             Enable Hardware Random Number Generator
+             Enable Hardware Random Number Generator. Strong random numbers are important for most network based communications that use encryption. It's recommended to be enabled.
-             ##### `ENABLE_MINGPU`=false
-             Minimize the amount of shared memory reserverd for the GPU
+             Minimize the amount of shared memory reserverd for the GPU. It doesn't seem to be possible to fully disable the GPU.
              ##### `ENABLE_DBUS`=true
-             Install and enable D-Bus message bus
+             Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
-             ##### `ENABLE_XORG`=false
-             Install Xorg open-source X Window System
+             Install Xorg open-source X Window System.
-             ##### `ENABLE_FLUXBOX`=false
-             Install Fluxbox window manager for the X Window System
+             Install Fluxbox window manager for the X Window System.
-             #### Advanced sytem features:
+             ##### `ENABLE_MINBASE`=false
+             Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
-             ##### `ENABLE_UBOOT`=false
-             Replace default RPi bootloader with U-Boot bootloader
+             Replace default RPi bootloader with U-Boot bootloader. U-Boot can boot images via the network using the BOOTP/TFTP protocol.
-             ##### `ENABLE_IPTABLES`=false
-             Enable iptables IPv4/IPv6 firewall
+             Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
-             ##### `ENABLE_HARDNET`=false
-             Enable IPv4/IPv6 network stack hardening settings
+             Enable IPv4/IPv6 network stack hardening settings.
-             ## Logging of the bootstrapping process
              All information related to the bootstrapping process and the commands executed by the `rpi2-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:

rpi2-gen-image.sh +36 -2

              ENABLE_FLUXBOX=${ENABLE_FLUXBOX:=false}
              # Advanced settings
+             ENABLE_MINBASE=${ENABLE_MINBASE:=false}
              ENABLE_UBOOT=${ENABLE_UBOOT:=false}
              ENABLE_HARDNET=${ENABLE_HARDNET:=false}
              ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
              MISSING_PACKAGES=""
              # Packages required in the chroot build enviroment
-             APT_INCLUDES="apt-transport-https,ca-certificates,debian-archive-keyring,dialog,locales"
+             APT_INCLUDES="apt-transport-https,ca-certificates,debian-archive-keyring,dialog,sudo"
              set +x
              # Set up chroot directory
              mkdir -p $R
+             # Add required packages for the minbase installation
+             if [ "$ENABLE_MINBASE" = true ] ; then
+               APT_INCLUDES="${APT_INCLUDES},vim-tiny,net-tools"
+             else
+               APT_INCLUDES="${APT_INCLUDES},locales"
+             fi
              # Add dbus package, recommended if using systemd
              if [ "$ENABLE_DBUS" = true ] ; then
                APT_INCLUDES="${APT_INCLUDES},dbus"
                APT_INCLUDES="${APT_INCLUDES},fluxbox,eterm"
              fi
+             # Set empty proxy string
              if [ -z "$APT_PROXY" ] ; then
                APT_PROXY="http://"
              fi
              # Base debootstrap (unpack only)
+             if [ "$ENABLE_MINBASE" = true ] ; then
+               debootstrap --arch=armhf --variant=minbase --foreign --include=${APT_INCLUDES} $RELEASE $R ${APT_PROXY}${APT_SERVER}/debian
+             else
              debootstrap --arch=armhf --foreign --include=${APT_INCLUDES} $RELEASE $R ${APT_PROXY}${APT_SERVER}/debian
+             fi
+             # Copy qemu emulator binary to chroot
              cp /usr/bin/qemu-arm-static $R/usr/bin
              # Copy debian-archive-keyring.pgp
              LANG=C chroot $R dpkg-reconfigure -f noninteractive tzdata
              # Set up default locales to "en_US.UTF-8" default
+             if [ "$ENABLE_MINBASE" = false ] ; then
              LANG=C chroot $R sed -i '/${DEFLOCAL}/s/^#//' /etc/locale.gen
              LANG=C chroot $R locale-gen ${DEFLOCAL}
+             fi
              # Upgrade collabora package index and install collabora keyring
              echo "deb https://repositories.collabora.co.uk/debian ${RELEASE} rpi2" >$R/etc/apt/sources.list
                LANG=C chroot $R mkimage -A arm -O linux -T script -C none -a 0x00000000 -e 0x00000000 -n "RPi2 Boot Script" -d /boot/firmware/uboot.mkimage /boot/firmware/boot.scr
                # Remove gcc/c++ build enviroment
-               LANG=C chroot $R apt-get purge -y bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
+               LANG=C chroot $R apt-get -y -q purge --auto-remove bc binutils cpp cpp-4.9 g++ g++-4.9 gcc gcc-4.9 libasan1 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libgcc-4.9-dev libgomp1 libisl10 libmpc3 libmpfr4 libstdc++-4.9-dev libubsan0 linux-compiler-gcc-4.9-arm linux-libc-dev make
              fi
+             # Enable systemd-networkd DHCP configuration for the eth0 interface
+             printf "[Match]\nName=eth0\n\n[Network]\nDHCP=yes\n" > $R/etc/systemd/network/eth.network
+             # Set DHCP configuration to IPv4 only
+             if [ "$ENABLE_IPV6" = false ] ; then
+               sed -i "s/=yes/=v4/" $R/etc/systemd/network/eth.network
+             fi
+             # Enable systemd-networkd service
+             LANG=C chroot $R systemctl enable systemd-networkd
+             # Place hint about netowrk configuration
+             cat <<EOM >$R/etc/network/interfaces
+             # Debian switched to systemd-networkd configuration files.
+             # please configure your networks in '/etc/systemd/network/'
+             EOM
              # Clean cached downloads
              LANG=C chroot $R apt-get -y clean
              LANG=C chroot $R apt-get -y autoclean

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages