diff --git a/bootstrap.d/10-bootstrap.sh b/bootstrap.d/10-bootstrap.sh index 9e39b5d..f57e4c3 100644 --- a/bootstrap.d/10-bootstrap.sh +++ b/bootstrap.d/10-bootstrap.sh @@ -8,6 +8,8 @@ VARIANT="" COMPONENTS="main" +if [ "$BUILD_KERNEL" != "uselocal" ]; then #ajout 2025 + # Use non-free Debian packages if needed # One use variable which is only needed by wifi firmware blob => reworked to use non free in /etc/apt/sources.list - we could just use ENABLE_WIRELESS here if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_NONFREE" = true ] ; then @@ -24,11 +26,12 @@ fi #if [ "$RELEASE" = "bookworm" ] || [ "$RELEASE" = "bullseye" ] ; then # APT_EXCLUDES="--exclude=init,systemd-sysv" #fi - # Base debootstrap (unpack only) http_proxy=${APT_PROXY} debootstrap ${APT_EXCLUDES} --arch="${RELEASE_ARCH}" --foreign ${VARIANT} --components="${COMPONENTS}" --include="${APT_INCLUDES}" "${RELEASE}" "${R}" "http://${APT_SERVER}/debian" + + # Copy qemu emulator binary to chroot install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}" @@ -36,9 +39,13 @@ install -m 755 -o root -g root "${QEMU_BINARY}" "${R}${QEMU_BINARY}" mkdir -p "${R}/usr/share/keyrings" install_readonly /usr/share/keyrings/debian-archive-keyring.gpg "${R}/usr/share/keyrings/debian-archive-keyring.gpg" + + # Complete the bootstrapping process chroot_exec /debootstrap/debootstrap --second-stage +fi + # Mount required filesystems mount -t proc none "${R}/proc" mount -t sysfs none "${R}/sys" diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh index 253b3c2..31db9fe 100644 --- a/bootstrap.d/13-kernel.sh +++ b/bootstrap.d/13-kernel.sh @@ -15,7 +15,7 @@ fi # Fetch and build latest raspberry kernel case "$BUILD_KERNEL" in - "build") + "true") #if [ "$BUILD_KERNEL" = build ] ; then # Setup source directory mkdir -p "${KERNEL_DIR}" 
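Review bot: Nothing verifies that `${R}` already holds a complete root filesystem when `BUILD_KERNEL=uselocal` skips debootstrap, so the script goes straight to `mount -t proc none "${R}/proc"` on whatever an earlier run left behind. A missing or half-built tree would fail later in a less obvious place, or the image would be assembled from stale content. I would add an `else` branch before the closing `fi` that fails fast, for example `[ -d "${R}/etc" ] || { echo "error: BUILD_KERNEL=uselocal but no rootfs in ${R}" ; exit 1 ; }`. The `if` opens in this hunk and closes in the third hunk of the file, and 14-fstab.sh and 30-security.sh add the same guard on the same assumption. A kernel-selection variable gating the whole bootstrap also deserves a comment stating that intent in place of `#ajout 2025`.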
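Review bot: The commented line directly under the new `"true")` label still reads `#if [ "$BUILD_KERNEL" = build ] ; then`, so the only hint about accepted values in this hunk is now wrong. I would delete that leftover and put a comment above the `case` listing the modes, as far as the visible arms suggest them: `# BUILD_KERNEL: true = fetch and build, download = install a prebuilt kernel, uselocal = reuse the previous run`. The case body continues outside this hunk.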
@@ -800,10 +800,10 @@ case "$BUILD_KERNEL" in chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source" fi fi - ;; +;; "download") -else # BUILD_KERNEL=false +#else # BUILD_KERNEL=false if [ "$SET_ARCH" = 64 ] ; then if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then # Use Sakakis modified kernel if ZSWAP is active @@ -879,20 +879,19 @@ else # BUILD_KERNEL=false rm -fr "${temp_dir}" rm -f "${R}"/tmp/kernel.deb fi -fi - ;; + + # Check if kernel installation was successful + KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)" + if [ -z "$KERNEL" ] ; then + echo "error: kernel installation failed! (/boot/kernel* not found)" + cleanup + exit 1 + fi +;; "uselocal") echo "using local kernel previous run" - ;; +;; esac - -# Check if kernel installation was successful -KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)" -if [ -z "$KERNEL" ] ; then - echo "error: kernel installation failed! (/boot/kernel* not found)" - cleanup - exit 1 -fi #fi diff --git a/bootstrap.d/14-fstab.sh b/bootstrap.d/14-fstab.sh index 1405809..238e2e9 100644 --- a/bootstrap.d/14-fstab.sh +++ b/bootstrap.d/14-fstab.sh @@ -8,6 +8,8 @@ # Install and setup fstab install_readonly files/mount/fstab "${ETC_DIR}/fstab" +if [ "$BUILD_KERNEL" != "uselocal" ]; then #ajout 2025 + # Generate initramfs file if [ "$ENABLE_INITRAMFS" = true ] ; then if [ "$ENABLE_CRYPTFS" = true ] ; then @@ -119,3 +121,5 @@ if [ "$ENABLE_INITRAMFS" = true ] ; then chroot_exec mkinitramfs -o "/boot/firmware/initramfs-${KERNEL_VERSION}" "${KERNEL_VERSION}" fi fi + +fi \ No newline at end of file diff --git a/bootstrap.d/20-networking.sh b/bootstrap.d/20-networking.sh index 6a54457..57b2564 100644 --- a/bootstrap.d/20-networking.sh +++ b/bootstrap.d/20-networking.sh 
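Review bot: The kernel-presence check in the hunk at `@@ -879,20 +879,19 @@` now runs only inside the `"download"` arm, so the `"true"` and `"uselocal"` paths finish without confirming that `${R}/boot/firmware/kernel*` exists and without setting `KERNEL`. The `uselocal` path needs the check most, since it trusts whatever an earlier run left behind. No `*)` arm is visible before `esac`, so a value such as `false` (the case the old `else # BUILD_KERNEL=false` covered) would match nothing and end silently with no kernel installed. I would keep the check after `esac` as before and add a default arm such as `*) echo "error: unsupported BUILD_KERNEL='${BUILD_KERNEL}'" ; cleanup ; exit 1 ;;`. The error text also still names `/boot/kernel*` while the glob tests `/boot/firmware/kernel*`.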
@@ -141,7 +141,7 @@ if [ "$ENABLE_HARDNET" = true ] ; then install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf" # Setup resolver warnings about spoofed addresses - sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf" + #sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf" # comment 2025 fi # Enable time sync diff --git a/bootstrap.d/30-security.sh b/bootstrap.d/30-security.sh index 16d78c3..1183594 100644 --- a/bootstrap.d/30-security.sh +++ b/bootstrap.d/30-security.sh @@ -1,7 +1,7 @@ # # Setup users and security settings # - +if [ "$BUILD_KERNEL" != "uselocal" ]; then #ajout 2025 # Load utility functions . ./functions.sh @@ -22,3 +22,4 @@ else # Set no root password to disable root login chroot_exec usermod -p \'!\' root fi +fi \ No newline at end of file diff --git a/templates/rpi3-Met-trixie_25-10-21.conf b/templates/rpi3-Met-trixie_25-10-21.conf deleted file mode 100644 index b63e00f..0000000 --- a/templates/rpi3-Met-trixie_25-10-21.conf +++ /dev/null 
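Review bot: Commenting out the `sed` leaves `ENABLE_HARDNET=true` builds without the `spoof warn` resolver setting, and `# comment 2025` gives no reason for dropping it. If the cause is that the target release's `host.conf` no longer carries that entry or the resolver no longer honours it (my assumption, not visible here), state that and delete the line together with its `# Setup resolver warnings about spoofed addresses` header instead of keeping dead code. A comment such as `# spoof warn not applied: <reason>` keeps the hardening profile accurate for whoever audits it later. The enclosing `if [ "$ENABLE_HARDNET" = true ]` block starts outside the hunk.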
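Review bot: Wrapping all of 30-security.sh in `if [ "$BUILD_KERNEL" != "uselocal" ]` means a `uselocal` run applies none of the user and password setup, including the `chroot_exec usermod -p \'!\' root` lock in the second hunk. The image then ships with whatever accounts and passwords the previous run left in `${R}`, even if the configuration changed in between (for example root login switched off). I would keep the credential steps unconditional, or at least announce the skip with `echo "uselocal: users and passwords kept from previous run"`. `. ./functions.sh` also ends up inside the guard, and the code between the two hunks is not visible here, so whether it is safe to re-run is unconfirmed.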
@@ -1,138 +0,0 @@
-#
-# Configuration file raspi3 /trixie ENS de Lyon 2025/10/21
-#
-#---------------------
-#--- APT settings ----
-#---------------------
-#APT_SERVER=debian.mirrors.ovh.net
-#APT_SERVER=debian.proxad.net
-APT_SERVER=deb.debian.org
-APT_INCLUDES="zstd,zst,liblzma-dev,libzstd-dev, \
-zarchive-tools,liblzma-dev"
-#-------------------------------------
-# packages removed for various reasons
-#-------------------------------------
-#gnome-backgrounds,mate-backgrounds, \
-#geany,openbox-dev,openbox-lxde-session,
-#xutils-dev,lxrandr, tightvncserver,\
-#,x11proto-randr-dev,terminator,texlive,texlive-xetex
-APT_INCLUDES_LATE=""
-
-#-------------------------------
-#--- General System Settings ---
-#-------------------------------
-SET_ARCH=32
-RPI_MODEL=3
-RELEASE="trixie"
-RELEASE_ARCH="armhf"
-HOSTNAME="raspife3"
-DEFLOCAL="fr_FR.UTF-8"
-TIMEZONE="Europe/Paris"
-EXPANDROOT=false
-ENABLE_QEMU=false
-#---------------------
-#--- User Settings ---
-#---------------------
-ENABLE_ROOT=true
-ROOT_PASSWORD="Achanger1$"
-ENABLE_USER=true
-USER_NAME=ens-ife
-USER_PASSWORD="AChanger1$"
-#-------------------------
-#--- Keyboard Settings ---
-#-------------------------
-XKB_MODEL="pc105"
-XKB_LAYOUT="fr"
-XKB_VARIANT="latin9"
-XKB_OPTIONS=""
-#------------------------
-#--- Network Settings ---
-#------------------------
-ENABLE_IPV6=true
-ENABLE_WIRELESS=false
-ENABLE_IPTABLES=false
-ENABLE_IFNAMES=true
-ENABLE_HARDNET=true
-ENABLE_ETH_DHCP=true
-ENABLE_WIFI_DHCP=false
-#NET_WIFI_SSID=MobileClimatEtMeteo
-#NET_WIFI_PSK=ClimatEtMeteo
-#---------------------
-#--- Basic features---
-#---------------------
-ENABLE_CONSOLE=false
-ENABLE_BLUETOOTH=false
-ENABLE_I2C=false
-ENABLE_SPI=false
-ENABLE_SSHD=true
-SSH_ENABLE=true
-ENABLE_NONFREE=true
-ENABLE_RSYSLOG=true
-ENABLE_SOUND=true
-ENABLE_HWRANDOM=true
-ENABLE_MINGPU=true
-ENABLE_DBUS=true
-ENABLE_XORG=false
-ENABLE_WM=""
-ENABLE_SYSVINIT=true
-ENABLE_SPLASH=true
-ENABLE_LOGO=true
-#--------------------------------
-#--- Advanced System features ---
-#--------------------------------
-ENABLE_DPHYSSWAP=false
-ENABLE_QEMU=false
-ENABLE_MINBASE=false
-ENABLE_REDUCE=false
-ENABLE_SPLITFS=false
-ENABLE_INITRAMFS=true
-ENABLE_DBUS=true
-ENABLE_USBBOOT=false
-ENABLE_UBOOT=false
-ENABLE_FBTURBO=false
-ENABLE_VIDEOCORE=false
-ENABLE_HARDNET=true
-ENABLE_IFNAMES=true
-ENABLE_NEXMON=false
-#DISABLE_UNDERVOLT_WARNINGS=
-#--------------------
-#--- ssh settings ---
-#--------------------
-SSH_ENABLE_ROOT=false
-SSH_LIMIT_USERS=false
-SSH_ROOT_PUB_KEY="/home/vidal/.ssh/authorized_keys"
-SSH_USER_PUB_KEY="/home/vidal/.ssh/authorized_keys"
-#-----------------------
-#--- Kernel settings ---
-#-----------------------
-BUILD_KERNEL=true
-KERNEL_BRANCH=rpi-6.12.y
-KERNEL_REDUCE=false
-KERNEL_HEADERS=true
-KERNEL_REMOVESRC=true
-KERNELSRC_CLEAN=true
-KERNELSRC_CONFIG=true
-KERNEL_DEFCONFIG=bcm2709_defconfig
-KERNEL_BIN_IMAGE=zImage
-KERNEL_IMAGE=kernel7.img
-KERNEL_CCACHE=true
-NB_CORES=16
-#------------------------
-#--- Reduce disk usage --
-#------------------------
-REDUCE_APT=false
-REDUCE_DOC=true
-REDUCE_MAN=true
-REDUCE_HWDB=false
-REDUCE_BASH=false
-REDUCE_SSHD=false
-REDUCE_LOCALE=false
-#-------------------------
-ENABLE_CRYPTFS=false
-#-------------------------
-BASEDIR=/home/vidal/Nano-Ordinateurs/RaspberryPi/RpiGenImage/Images/${RELEASE}
-#BASEDIR=/media/*******/*********/Nano-Ordinateurs/RaspberryPi/RpiGenImage/Images/${RELEASE}
-DATE=`date +%Y-%m-%d`
-IMAGE_NAME=${BASEDIR}/${DATE}-rpi${RPI_MODEL}-${RELEASE}
-
-