formatting and dropbear fix for static ip
Unknown -
r569:c84998d2e8c2
@@ -45,40 +45,54 if [ "$ENABLE_INITRAMFS" = true ] ; then
45 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
45 install_exec files/initramfs/expand-premount "${ETC_DIR}/initramfs-tools/scripts/local-premount/expand-premount"
46 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
46 install_exec files/initramfs/expand-tools "${ETC_DIR}/initramfs-tools/hooks/expand-tools"
47 fi
47 fi
48
49 if [ "$ENABLE_DHCP" = false ] ; then
50 # Get cdir from NET_ADDRESS e.g. 24
51 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
52
53 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
54 NET_MASK=$(cdr2mask "$cdir")
55
56 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
57 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
58
59 # Regenerate initramfs
60 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
61 fi
48
62
49 if [ "$CRYPTFS_DROPBEAR" = true ]; then
63 if [ "$CRYPTFS_DROPBEAR" = true ]; then
50 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
64 if [ -n "$CRYPTFS_DROPBEAR_PUBKEY" ] && [ -f "$CRYPTFS_DROPBEAR_PUBKEY" ] ; then
51 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
65 install_readonly "${CRYPTFS_DROPBEAR_PUBKEY}" "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
52 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
66 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub >> "${ETC_DIR}"/dropbear-initramfs/authorized_keys
53 else
67 else
54 # Create key
68 # Create key
55 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
69 chroot_exec /usr/bin/dropbearkey -t rsa -f /etc/dropbear-initramfs/id_rsa.dropbear
56
70
57 # Convert dropbear key to openssh key
71 # Convert dropbear key to openssh key
58 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
72 chroot_exec /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/dropbear-initramfs/id_rsa.dropbear /etc/dropbear-initramfs/id_rsa
59
73
60 # Get Public Key Part
74 # Get Public Key Part
61 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
75 chroot_exec /usr/bin/dropbearkey -y -f /etc/dropbear-initramfs/id_rsa.dropbear | chroot_exec tee /etc/dropbear-initramfs/id_rsa.pub
62
76
63 # Delete unwanted lines
77 # Delete unwanted lines
64 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
78 sed -i '/Public/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
65 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
79 sed -i '/Fingerprint/d' "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub
66
80
67 # Trust the new key
81 # Trust the new key
68 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
82 cat "${ETC_DIR}"/dropbear-initramfs/id_rsa.pub > "${ETC_DIR}"/dropbear-initramfs/authorized_keys
69
83
70 # Save Keys - convert with putty from rsa/openssh to puttkey
84 # Save Keys - convert with putty from rsa/openssh to puttkey
71 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
85 cp -f "${ETC_DIR}"/dropbear-initramfs/id_rsa "${BASEDIR}"/dropbear_initramfs_key.rsa
72
86
73 # Get unlock script
87 # Get unlock script
74 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
88 install_exec files/initramfs/crypt_unlock.sh "${ETC_DIR}"/initramfs-tools/hooks/crypt_unlock.sh
75
89
76 # Enable Dropbear inside initramfs
90 # Enable Dropbear inside initramfs
77 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
91 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=y\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
78
92
79 # Enable Dropbear inside initramfs
93 # Enable Dropbear inside initramfs
80 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
94 sed -i "54 i sleep 5" "${R}"/usr/share/initramfs-tools/scripts/init-premount/dropbear
81 fi
95 fi
82 else
96 else
83 # Disable SSHD inside initramfs
97 # Disable SSHD inside initramfs
84 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
98 printf "#\n# DROPBEAR: [ y | n ]\n#\n\nDROPBEAR=n\n" >> "${ETC_DIR}/initramfs-tools/initramfs.conf"
@@ -156,14 +156,13 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
156
156
157 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
157 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
158 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
158 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
159
160 # set overlay to swap ttyAMA0 and ttyS0
159 # set overlay to swap ttyAMA0 and ttyS0
161 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
160 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
162
161
163 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
164 if [ "$ENABLE_TURBO" = false ] ; then
162 if [ "$ENABLE_TURBO" = false ] ; then
165 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
163 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
166 fi
164 fi
165
167 fi
166 fi
168
167
169 # Activate services
168 # Activate services
@@ -180,14 +179,18 if [ "$ENABLE_CONSOLE" = true ] ; then
180 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
179 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
181 # add string to cmdline
180 # add string to cmdline
182 CMDLINE="${CMDLINE} console=serial0,115200"
181 CMDLINE="${CMDLINE} console=serial0,115200"
182
183 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
184 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
185 if [ "$ENABLE_TURBO" = false ] ; then
186 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
187 fi
188 fi
183
189
184 # Enable serial console systemd style
190 # Enable serial console systemd style
185 chroot_exec systemctl enable serial-getty\@serial0.service
191 chroot_exec systemctl enable serial-getty@serial0.service
186 else
192 else
187 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
193 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
188
189 # disable serial console systemd style
190 chroot_exec systemctl disable serial-getty\@"$SET_SERIAL".service
191 fi
194 fi
192
195
193 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
196 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
@@ -200,36 +203,35 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
200 # Copy downloaded systemd-swap sources
203 # Copy downloaded systemd-swap sources
201 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
204 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
202
205
203 # Set permissions of the systemd-swap sources
204 chown -R root:root "${R}/tmp/systemd-swap"
205
206 # Remove temporary directory for systemd-swap sources
207 rm -fr "${temp_dir}"
208
209 # Change into downloaded src dir
206 # Change into downloaded src dir
210 cd "${R}/tmp/systemd-swap" || exit
207 cd "${R}/tmp/systemd-swap" || exit
211
208
212 # Build package
209 # Build package
213 . ./package.sh debian
210 bash ./package.sh debian
214
211
215 # Install package
212 # Change back into script root dir
216 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap-*any.deb
213 cd "${WORKDIR}" || exit
217
214
215 # Set permissions of the systemd-swap sources
216 chown -R root:root "${R}/tmp/systemd-swap"
217
218 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
219 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
220
218 # Enable service
221 # Enable service
219 chroot_exec systemctl enable systemd-swap
222 chroot_exec systemctl enable systemd-swap
220
223
221 # Change back into script root dir
224 # Remove temporary directory for systemd-swap sources
222 cd "${WORKDIR}" || exit
225 rm -fr "${temp_dir}"
223 else
226 else
224 # Enable ZSWAP in cmdline if systemd-swap is not used
227 # Enable ZSWAP in cmdline if systemd-swap is not used
225 if [ "$KERNEL_ZSWAP" = true ] ; then
228 if [ "$KERNEL_ZSWAP" = true ] ; then
226 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
229 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
227 fi
230 fi
228 fi
231 fi
229
232 if [ "$KERNEL_SECURITY" = true ] ; then
230 if [ "$KERNEL_SECURITY" = true ] ; then
233 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
231 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
234 fi
232 fi
233
235
234 # Install firmware boot cmdline
236 # Install firmware boot cmdline
235 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
237 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
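Review bot: In the first hunk, at new line 51, `cdir=$(${NET_ADDRESS} | cut -d '/' -f2)` expands NET_ADDRESS in command position, so the address is run as a command rather than piped to cut. That most likely leaves cdir empty, so cdr2mask gets no prefix length; `cdir=${NET_ADDRESS#*/}` extracts the prefix without a subshell. The `IP=` line at new line 57 uses NET_ADDRESS unchanged, so if it carries the /prefix the comment implies, the suffix lands in the client-address field; `IP=${NET_ADDRESS%/*}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:` would strip it. The block also calls mkinitramfs before the CRYPTFS_DROPBEAR block below writes `DROPBEAR=y` and authorized_keys, so unless the image is regenerated later (not visible in this hunk) the initramfs may lack the remote-unlock SSH setup. The enclosing script starts and ends outside the hunk.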
@@ -57,20 +57,6 else # ENABLE_DHCP=false
57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
57 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
58 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
59 "${ETC_DIR}/systemd/network/eth.network"
59 "${ETC_DIR}/systemd/network/eth.network"
60
61 if [ "$CRYPTFS_DROPBEAR" = true ] ; then
62 # Get cdir from NET_ADDRESS e.g. 24
63 cdir=$(${NET_ADDRESS} | cut -d '/' -f2)
64
65 # Convert cdir ro netmask e.g. 24 to 255.255.255.0
66 NET_MASK=$(cdr2mask "$cdir")
67
68 # Write static ip settings to "${ETC_DIR}"/initramfs-tools/initramfs.conf
69 sed -i "\$aIP=${NET_ADDRESS}::${NET_GATEWAY}:${NET_MASK}:${HOSTNAME}:" "${ETC_DIR}"/initramfs-tools/initramfs.conf
70
71 # Regenerate initramfs
72 chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}"
73 fi
74 fi
60 fi
75
61
76 # Remove empty settings from network configuration
62 # Remove empty settings from network configuration
@@ -10,7 +10,7 if [ "$ENABLE_IPTABLES" = true ] ; then
10 mkdir -p "${ETC_DIR}/iptables"
10 mkdir -p "${ETC_DIR}/iptables"
11
11
12 if [ "$KERNEL_NF" = false ] ; then
12 if [ "$KERNEL_NF" = false ] ; then
13 #iptables-save and -restore are slaves of iptables and thus are set accordingly
13 # iptables-save and -restore are slaves of iptables and thus are set accordingly
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
15 fi
15 fi
16
16
@@ -29,10 +29,10 if [ "$ENABLE_IPTABLES" = true ] ; then
29
29
30 if [ "$ENABLE_IPV6" = true ] ; then
30 if [ "$ENABLE_IPV6" = true ] ; then
31 if [ "$KERNEL_NF" = false ] ; then
31 if [ "$KERNEL_NF" = false ] ; then
32 #iptables-save and -restore are slaves of iptables and thus are set accordingly
32 # iptables-save and -restore are slaves of iptables and thus are set accordingly
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
33 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
34 fi
34 fi
35
35
36 # Install ip6tables systemd service
36 # Install ip6tables systemd service
37 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
37 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
38
38