overhaul OS build (#2244)

* create init resize for pi

* wip

* defer to OS_ARCH env var

* enable password auth in live image

* use correct live image path

* reorder dependencies

* add grub-common as dependency

* add more depends

* reorder grub

* include systemd-resolved

* misc fixes

* remove grub from dependencies

* imports

* ssh and raspi builds

* fix resolvectl

* generate snake-oil on install

* update raspi build process

* script fixes

* fix resize and config

* add psmisc

* new workflows

* include img

* pass through OS_ARCH env var

* require OS_ARCH

* allow dispatching production builds

* configurable environment

* pass through OS_ARCH on compat build

* fix syntax error

* crossbuild dependencies

* include libavahi-client for cross builds

* reorder add-arch

* add ports

* switch existing repos to amd64

* explicitly install libc6

* add more bullshit

* fix some errors

* use ignored shlibs

* remove ubuntu ports

* platform deb

* Update depends

* Update startos-iso.yaml

* Update startos-iso.yaml

* require pi-beep

* add bios boot, fix environment

* Update startos-iso.yaml

* inline deb

* Update startos-iso.yaml

* allow ssh password auth in live build

* sync hostname on livecd

* require curl

build/lib/depends

@@ -1,35 +1,44 @@
-tor
 avahi-daemon
 avahi-utils
-iotop
+bash-completion
+beep
 bmon
-lvm2
-htop
-cryptsetup
-exfat-utils
-sqlite3
-wireless-tools
-net-tools
-ecryptfs-utils
+ca-certificates
 cifs-utils
-samba-common-bin
-network-manager
-vim
-jq
-ncdu
-postgresql
-pgloader
-openssh-server
+containerd.io
+curl
+cryptsetup
 docker-ce
 docker-ce-cli
-containerd.io
 docker-compose-plugin
-beep
+dosfstools
+e2fsprogs
+ecryptfs-utils
+exfat-utils
+htop
 httpdirfs
+iotop
 iw
-squashfs-tools
-rsync
-systemd-timesyncd
+jq
+libavahi-client3
+lvm2
 magic-wormhole
+ncdu
+net-tools
+network-manager
 nyx
-bash-completion
+openssh-server
+pgloader
+postgresql
+psmisc
+rsync
+samba-common-bin
+sqlite3
+squashfs-tools
+systemd
+systemd-resolved
+systemd-sysv
+systemd-timesyncd
+tor
+vim
+wireless-tools

build/lib/scripts/install

@@ -1,120 +0,0 @@
-#!/bin/bash
-
-set -e
-
-function partition_for () {
-    if [[ "$1" =~ [0-9]+$ ]]; then
-        echo "$1p$2"
-    else
-        echo "$1$2"
-    fi
-}
-
-OSDISK=$1
-if [ -z "$OSDISK" ]; then
-  >&2 echo "usage: $0 <TARGET DISK>"
-  exit 1
-fi
-
-WIFI_IFACE=
-for IFACE in $(ls /sys/class/net); do
-    if [ -d /sys/class/net/$IFACE/wireless ]; then
-        WIFI_IFACE=$IFACE
-        break
-    fi
-done
-
-ETH_IFACE=
-for IFACE in $(ls /sys/class/net); do
-    if ! [ -d /sys/class/net/$IFACE/wireless ] && [ -d /sys/class/net/$IFACE/device ]; then
-        ETH_IFACE=$IFACE
-        break
-    fi
-done
-if [ -z "$ETH_IFACE" ]; then
-    >&2 echo 'Could not detect ethernet interface'
-    exit 1
-fi
-
-(
-  echo o      # MBR
-  echo n      # New Partition
-  echo p      #   Primary
-  echo 1      #   Index #1
-  echo        #   Default Starting Position
-  echo '+1G'  #   1GB
-  echo t      #   Change Type
-  echo 0b     #     W95 FAT32
-  echo a      #   Set Bootable
-  echo n      # New Partition
-  echo p      #   Primary
-  echo 2      #   Index #2
-  echo        #   Default Starting Position
-  echo '+15G' #   15GB
-  echo n      # New Partition
-  echo p      #   Primary
-  echo 3      #   Index #3
-  echo        #   Default Starting Position
-  echo        #   Use Full Remaining
-  echo t      #   Change Type
-  echo 3      #     (Still Index #3)
-  echo 8e     #     Linux LVM
-  echo w      # Write Changes
-) | fdisk $OSDISK
-
-BOOTPART=`partition_for $OSDISK 1`
-ROOTPART=`partition_for $OSDISK 2`
-
-mkfs.vfat $BOOTPART
-fatlabel $BOOTPART boot
-
-mkfs.ext4 $ROOTPART
-e2label $ROOTPART rootfs
-
-mount $ROOTPART /mnt
-mkdir /mnt/config
-mkdir /mnt/current
-mkdir /mnt/next
-
-mkdir /mnt/current/boot
-mount $BOOTPART /mnt/current/boot
-
-unsquashfs -f -d /mnt/current /cdrom/casper/filesystem.squashfs
-
-cat > /mnt/config/config.yaml << EOF
-os-partitions:
-  boot: $BOOTPART
-  root: $ROOTPART
-ethernet-interface: $ETH_IFACE
-EOF
-
-if [ -n "$WIFI_IFACE" ]; then
-    echo "wifi-interface: $WIFI_IFACE" >> /mnt/config/config.yaml
-fi
-
-# gen fstab
-cat > /mnt/current/etc/fstab << EOF
-$BOOTPART   /boot   vfat    defaults    0   2
-$ROOTPART   /       ext4    defaults    0   1
-EOF
-
-# gen machine-id
-chroot /mnt/current systemd-machine-id-setup
-
-# gen ssh host keys
-chroot /mnt/current ssh-keygen -A
-
-mount --bind /dev /mnt/current/dev
-mount --bind /sys /mnt/current/sys
-mount --bind /proc /mnt/current/proc
-
-chroot /mnt/current update-grub
-chroot /mnt/current grub-install $OSDISK
-
-umount /mnt/current/dev
-umount /mnt/current/sys
-umount /mnt/current/proc
-
-umount /mnt/current/boot
-
-umount /mnt

build/lib/scripts/postinst

@@ -29,6 +29,10 @@ ln -s /usr/share/zoneinfo/Etc/UTC /etc/localtime
 
 # switch to systemd-resolved & network-manager
 echo "#" > /etc/network/interfaces
+if ! [ -f /etc/resolv.conf ]; then
+  rm -f /etc/resolv.conf
+  echo "nameserver 8.8.8.8" > /etc/resolv.conf # Google DNS Fallback
+fi
 if ! [ -f /run/systemd/resolve/stub-resolv.conf ]; then
     mkdir -p /run/systemd/resolve
     cp /etc/resolv.conf /run/systemd/resolve/stub-resolv.conf
@@ -44,6 +48,7 @@ managed=true
 EOF
 $SYSTEMCTL enable systemd-resolved.service
 $SYSTEMCTL enable systemd-networkd-wait-online.service
+$SYSTEMCTL enable ssh.service
 $SYSTEMCTL disable wpa_supplicant.service
 
 $SYSTEMCTL disable docker.service
@@ -63,6 +68,7 @@ if which gsettings > /dev/null; then
     gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout '0'
 fi
 
+sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
 sed -i 's/Restart=on-failure/Restart=always/g' /lib/systemd/system/tor@default.service
 sed -i 's/ExecStart=\/usr\/bin\/dockerd/ExecStart=\/usr\/bin\/dockerd --exec-opt native.cgroupdriver=systemd/g' /lib/systemd/system/docker.service
 sed -i '/\(^\|#\)entries-per-entry-group-max=/c\entries-per-entry-group-max=128' /etc/avahi/avahi-daemon.conf

build/raspberry-pi/033-upgrade.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Boot process for system initialization.
-After=network-online.target systemd-time-wait-sync.service
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/033-upgrade.sh
-RemainAfterExit=true
-StandardOutput=append:/var/log/initialization.log
-
-[Install]
-WantedBy=multi-user.target

build/raspberry-pi/033-upgrade.sh

@@ -1,88 +0,0 @@
-#!/bin/bash
-
-set -e
-
-(
-    while true; do
-        beep -r 2 -l 80 -d 20
-        sleep 60
-    done
-) &
-
-if grep 'cb15ae4d-03' /boot/cmdline.txt; then
-    echo Transfer files across
-    e2fsck -f -y /dev/mmcblk0p4
-    while ! resize2fs /dev/mmcblk0p4; do
-        e2fsck -f -y /dev/mmcblk0p4
-    done
-    mkdir -p /media/origin
-    mkdir -p /media/dest
-    mount -r /dev/mmcblk0p3 /media/origin
-    mount -w /dev/mmcblk0p4 /media/dest
-    rsync -acvAXUH --info=progress2 --delete --force /media/origin/ /media/dest/
-    umount /media/origin
-    umount /media/dest
-    rm -rf /media/origin
-    rm -rf /media/dest
-
-    echo Setting up boot to use other partition
-    sed -i 's/PARTUUID=cb15ae4d-03/PARTUUID=cb15ae4d-04/g' /boot/cmdline.txt
-    sync
-    reboot
-fi
-
-mkdir -p /media/root-rw
-mkfs.ext4 /dev/mmcblk0p3
-mount /dev/mmcblk0p3 /media/root-rw
-
-mkdir -p /embassy-os
-mount /dev/mmcblk0p2 /embassy-os
-
-mkdir -p /media/root-rw/config
-mkdir -p /media/root-rw/current
-mkdir -p /media/root-rw/next
-rsync -acvAXUH --info=progress2 /embassy-os/ /media/root-rw/config/
-rsync -acvAXUH --info=progress2 /update/ /media/root-rw/current/
-rsync -acvAXUH --info=progress2 /media/root-rw/current/boot/ /boot/
-cp /etc/machine-id /media/root-rw/current/etc/machine-id
-cp /etc/ssh/ssh_host_rsa_key /media/root-rw/current/etc/ssh/ssh_host_rsa_key
-cp /etc/ssh/ssh_host_rsa_key.pub /media/root-rw/current/etc/ssh/ssh_host_rsa_key.pub
-cp /etc/ssh/ssh_host_ecdsa_key /media/root-rw/current/etc/ssh/ssh_host_ecdsa_key
-cp /etc/ssh/ssh_host_ecdsa_key.pub /media/root-rw/current/etc/ssh/ssh_host_ecdsa_key.pub
-cp /etc/ssh/ssh_host_ed25519_key /media/root-rw/current/etc/ssh/ssh_host_ed25519_key
-cp /etc/ssh/ssh_host_ed25519_key.pub /media/root-rw/current/etc/ssh/ssh_host_ed25519_key.pub
-
-sync
-
-umount /embassy-os
-umount /media/root-rw
-
-fatlabel /dev/mmcblk0p1 boot
-e2label /dev/mmcblk0p3 rootfs
-
-(
-    echo d
-    echo 1
-    echo d
-    echo 2
-    echo n
-    echo p
-    echo 1
-    echo
-    echo
-    echo d
-    echo 3
-    echo d
-    echo 4
-    echo n
-    echo p
-    echo 2
-    echo
-    echo
-    echo t
-    echo 1
-    echo c
-    echo w
-) | fdisk /dev/mmcblk0
-
-reboot

build/raspberry-pi/init-with-sound.sh

@@ -1,18 +0,0 @@
-#!/bin/bash
-
-function flatline {
-	echo -n "0" > /sys/class/pwm/pwmchip0/export
-	sleep 0.5
-	echo -n "2272727" > /sys/class/pwm/pwmchip0/pwm0/period
-	echo -n "1136364" > /sys/class/pwm/pwmchip0/pwm0/duty_cycle
-	echo -n "1" > /sys/class/pwm/pwmchip0/pwm0/enable
-	sleep 30
-	echo -n "0" > /sys/class/pwm/pwmchip0/pwm0/enable
-}
-
-initialization.sh 
-STATUS=$?
-if [ $STATUS -ne 0 ]; then
-	flatline
-	exit $STATUS
-fi

build/raspberry-pi/initialization.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=Boot process for system initialization.
-After=network-online.target systemd-time-wait-sync.service
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/init-with-sound.sh
-RemainAfterExit=true
-StandardOutput=append:/var/log/initialization.log
-
-[Install]
-WantedBy=multi-user.target

build/raspberry-pi/initialization.sh

@@ -1,82 +0,0 @@
-#!/bin/bash
-set -e
-
-# introduce start9 username and embassy as default password
-if ! awk -F: '{ print $1 }' /etc/passwd | grep start9
-then
-	usermod -l start9 -d /home/start9 -m pi
-	groupmod --new-name start9 pi
-	echo start9:embassy | chpasswd
-fi
-
-START=$(date +%s)
-while ! ping -q -w 1 -c 1 `ip r | grep default | cut -d ' ' -f 3` > /dev/null; do
-	>&2 echo "Waiting for internet connection..."
-	sleep 1
-	if [ "$[$START + 60]" -lt $(date +%s) ]; then
-		>&2 echo "Timed out waiting for internet connection..."
-		exit 1
-	fi
-done
-echo "Connected to network"
-
-# Convert all repos to use https:// before apt update
-sed -i "s/http:/https:/g" /etc/apt/sources.list /etc/apt/sources.list.d/*.list
-
-. /usr/lib/embassy/scripts/add-apt-sources
-
-KERN=$(dpkg -s raspberrypi-kernel | grep Version | awk '{print $2}')
-apt-get update
-
-# TODO remove in 0.4.0
-if [ "$KERN" != "1:1.20221104-1" ]; then
-	wget https://archive.raspberrypi.org/debian/pool/main/r/raspberrypi-firmware/raspberrypi-kernel_1.20221104-1_arm64.deb
-	sha256sum raspberrypi-kernel_1.20221104-1_arm64.deb | grep 9de9fe61e17eab351b6d4c8ee42d836c16b066f3593a4a9626283df6df718e42
-	apt-get install -y --allow-change-held-packages --allow-downgrades ./raspberrypi-kernel_1.20221104-1_arm64.deb
-	rm ./raspberrypi-kernel_1.20221104-1_arm64.deb
-fi
-apt-mark hold raspberrypi-bootloader
-apt-mark hold raspberrypi-kernel
-
-apt-get upgrade -y
-if [ "$KERN" != "$(dpkg -s raspberrypi-kernel | grep Version | awk '{print $2}')" ]; then
-	echo "Kernel updated, restarting..."
-	sync
-	reboot
-fi
-
-apt-get install -y $(cat /usr/lib/embassy/depends)
-apt-get remove --purge -y $(cat /usr/lib/embassy/conflicts) beep
-apt-get autoremove -y
-
-systemctl stop tor
-
-. /usr/lib/embassy/scripts/postinst
-
-usermod -aG embassy start9
-
-systemctl enable embassyd.service embassy-init.service
-
-# . /usr/lib/embassy/scripts/enable-kiosk
-
-sed -i 's/^/usb-storage.quirks=152d:0562:u,14cd:121c:u,0781:cfcb:u /g' /boot/cmdline.txt
-
-# making that *sudo docker stats* command fulfil its purpose by displaying all metrics
-sed -i 's/rootwait quiet.*/rootwait cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory quiet/g' /boot/cmdline.txt
-
-systemctl disable nc-broadcast.service
-systemctl disable initialization.service
-
-update-initramfs -c -k "$(uname -r)"
-
-sed -i /boot/config.txt -e "/initramfs.*/d" 
-echo initramfs "initrd.img-$(uname -r)" >> /boot/config.txt
-
-sed -i /boot/cmdline.txt -e "s/^/boot=embassy /"
-
-passwd -l start9
-
-sync
-
-reboot
-

build/raspberry-pi/make-image.sh

@@ -1,34 +0,0 @@
-#!/bin/bash
-
-set -e
-
-function partition_for () {
-    if [[ "$1" =~ [0-9]+$ ]]; then
-        echo "$1p$2"
-    else
-        echo "$1$2"
-    fi
-}
-
-TARGET_NAME=eos_raspberrypi-uninit.img
-TARGET_SIZE=2400000000
-
-cp raspios.img $TARGET_NAME
-truncate -s $TARGET_SIZE $TARGET_NAME
-(
-    echo d
-    echo 2
-    echo n
-    echo p
-    echo 2
-    echo 532480
-    echo
-    echo w
-) | sudo fdisk $TARGET_NAME
-export OUTPUT_DEVICE=$(sudo losetup --show -fP $TARGET_NAME)
-sudo e2fsck -f -y `partition_for ${OUTPUT_DEVICE} 2`
-sudo resize2fs `partition_for ${OUTPUT_DEVICE} 2`
-./build/raspberry-pi/write-image.sh
-sudo e2fsck -f -y `partition_for ${OUTPUT_DEVICE} 2`
-sudo resize2fs -M `partition_for ${OUTPUT_DEVICE} 2`
-sudo losetup -d $OUTPUT_DEVICE

build/raspberry-pi/make-initialized-image.sh

@@ -1,66 +0,0 @@
-#!/bin/bash
-
-set -e
-
-function partition_for () {
-    if [[ "$1" =~ [0-9]+$ ]]; then
-        echo "$1p$2"
-    else
-        echo "$1$2"
-    fi
-}
-
-VERSION=$(cat VERSION.txt)
-ENVIRONMENT=$(cat ENVIRONMENT.txt)
-GIT_HASH=$(cat GIT_HASH.txt | head -c 7)
-DATE=$(date +%Y%m%d)
-
-VERSION_FULL="$VERSION-$GIT_HASH"
-
-if [ -n "$ENVIRONMENT" ]; then
-  VERSION_FULL="$VERSION_FULL~$ENVIRONMENT"
-fi
-
-TARGET_NAME=eos-${VERSION_FULL}-${DATE}_raspberrypi.img
-TARGET_SIZE=$[(31116287+1)*512]
-
-rm -f $TARGET_NAME
-truncate -s $TARGET_SIZE $TARGET_NAME
-(
-    echo o
-    echo x
-    echo i
-    echo "0xcb15ae4d"
-    echo r
-    echo n
-    echo p
-    echo 1
-    echo 2048
-    echo 526335
-    echo 1050623
-    echo t
-    echo c
-    echo n
-    echo p
-    echo 2
-    echo 1050624
-    echo 31116287
-    echo a
-    echo 1
-    echo w
-) | fdisk $TARGET_NAME
-OUTPUT_DEVICE=$(sudo losetup --show -fP $TARGET_NAME)
-sudo mkfs.ext4 `partition_for ${OUTPUT_DEVICE} 2`
-sudo mkfs.vfat `partition_for ${OUTPUT_DEVICE} 1`
-
-TMPDIR=$(mktemp -d)
-
-sudo mount `partition_for ${OUTPUT_DEVICE} 2` $TMPDIR
-sudo mkdir -p $TMPDIR/config
-sudo mkdir -p $TMPDIR/next
-sudo mkdir -p $TMPDIR/current/boot
-sudo mount `partition_for ${OUTPUT_DEVICE} 1` $TMPDIR/current/boot
-sudo unsquashfs -f -d $TMPDIR/current eos.raspberrypi.squashfs
-sudo umount $TMPDIR/current/boot
-sudo umount $TMPDIR
-sudo losetup -d $OUTPUT_DEVICE

build/raspberry-pi/make-upgrade-image.sh

@@ -1,45 +0,0 @@
-#!/bin/bash
-
-set -e
-
-function partition_for () {
-    if [[ "$1" =~ [0-9]+$ ]]; then
-        echo "$1p$2"
-    else
-        echo "$1$2"
-    fi
-}
-
-TARGET_NAME=lite-upgrade.img
-TARGET_SIZE=7000000000
-
-LOOPDEV=$(sudo losetup --show -fP raspios.img)
-sudo cat `partition_for ${LOOPDEV} 2` > $TARGET_NAME
-sudo losetup -d $LOOPDEV
-truncate -s $TARGET_SIZE $TARGET_NAME
-sudo e2fsck -f -y $TARGET_NAME
-sudo resize2fs $TARGET_NAME
-
-TMPDIR=$(mktemp -d)
-
-sudo mount $TARGET_NAME $TMPDIR/
-
-sudo mkdir -p $TMPDIR/update
-sudo unsquashfs -f -d $TMPDIR/update eos.raspberrypi.squashfs
-sudo cp ./cargo-deps/aarch64-unknown-linux-gnu/release/pi-beep $TMPDIR/usr/local/bin/beep
-sudo cp ./build/raspberry-pi/033-upgrade.sh $TMPDIR/usr/local/bin/033-upgrade.sh
-sudo cp ./build/raspberry-pi/033-upgrade.service $TMPDIR/etc/systemd/system/033-upgrade.service
-sudo ln -s /etc/systemd/system/033-upgrade.service $TMPDIR/etc/systemd/system/multi-user.target.wants/033-upgrade.service
-sudo cp ./cargo-deps/aarch64-unknown-linux-gnu/release/nc-broadcast $TMPDIR/usr/local/bin
-sudo cp ./build/raspberry-pi/nc-broadcast.service $TMPDIR/etc/systemd/system/nc-broadcast.service
-sudo ln -s /etc/systemd/system/nc-broadcast.service $TMPDIR/etc/systemd/system/multi-user.target.wants/nc-broadcast.service
-
-sudo umount $TMPDIR/
-
-sudo e2fsck -f -y $TARGET_NAME
-sudo resize2fs -M $TARGET_NAME
-BLOCK_INFO=$(sudo dumpe2fs $TARGET_NAME)
-BLOCK_COUNT=$(echo "$BLOCK_INFO" | grep "Block count:" | sed 's/Block count:\s\+//g')
-BLOCK_SIZE=$(echo "$BLOCK_INFO" | grep "Block size:" | sed 's/Block size:\s\+//g')
-FS_SIZE=$[$BLOCK_COUNT*$BLOCK_SIZE]
-truncate -s $FS_SIZE $TARGET_NAME

build/raspberry-pi/nc-broadcast.service

@@ -1,13 +0,0 @@
-[Unit]
-Description=Writes initialization logs to network
-Requires=initialization.service
-
-[Service]
-Type=oneshot
-Restart=on-failure
-RestartSec=5s
-ExecStart=/usr/local/bin/nc-broadcast --input=/var/log/initialization.log --tee 0.0.0.0:8080
-RemainAfterExit=true
-
-[Install]
-WantedBy=multi-user.target

build/raspberry-pi/rip-image.sh

@@ -1,30 +0,0 @@
-#!/bin/bash
-
-set -e
-
-TMPDIR=$(mktemp -d)
-
-ROOT_PARTITION=$(readlink -f /dev/disk/by-label/rootfs)
-BOOT_PARTITION=$(readlink -f /dev/disk/by-label/boot)
-
-if [[ "$ROOT_PARTITION" =~ ^/dev/loop ]] || [[ "$BOOT_PARTITION" =~ ^/dev/loop ]]; then
-	>&2 echo 'You are currently ripping from a loop device.'
-	>&2 echo 'This is probably a mistake, and usually means you failed to detach a .img file.'
-	read -p "Continue anyway? [y/N]" -n 1 -r
-	echo
-	if ! [[ "$REPLY" =~ ^[Yy]$ ]]; then
-        	exit 1
-	fi
-fi
-
-sudo mount $ROOT_PARTITION $TMPDIR/
-sudo mount $BOOT_PARTITION $TMPDIR/current/boot/
-sudo sed -i 's/PARTUUID=[a-f0-9]\+/PARTUUID=cb15ae4d/g' $TMPDIR/current/etc/fstab
-sudo sed -i 's/PARTUUID=[a-f0-9]\+/PARTUUID=cb15ae4d/g' $TMPDIR/current/boot/cmdline.txt
-rm -f eos.raspberrypi.squashfs
-sudo mksquashfs $TMPDIR/current/ eos.raspberrypi.squashfs
-
-sudo umount $TMPDIR/current/boot/
-sudo umount $TMPDIR/
-
-rm -rf $TMPDIR

build/raspberry-pi/write-image.sh

@@ -1,56 +0,0 @@
-#!/bin/bash
-
-set -e
-
-function partition_for () {
-    if [[ "$1" =~ [0-9]+$ ]]; then
-        echo "$1p$2"
-    else
-        echo "$1$2"
-    fi
-}
-
-# Mount the boot partition and config
-TMPDIR=$(mktemp -d)
-sudo mount `partition_for ${OUTPUT_DEVICE} 1` $TMPDIR
-
-cat $TMPDIR/config.txt | grep -v "dtoverlay=" | sudo tee $TMPDIR/config.txt.tmp > /dev/null
-echo "dtoverlay=pwm-2chan,disable-bt" | sudo tee -a $TMPDIR/config.txt.tmp > /dev/null
-echo "gpu_mem=16" | sudo tee -a $TMPDIR/config.txt.tmp > /dev/null
-sudo mv $TMPDIR/config.txt.tmp $TMPDIR/config.txt
-sudo touch $TMPDIR/ssh
-
-sudo umount $TMPDIR
-
-sudo mount `partition_for ${OUTPUT_DEVICE} 2` $TMPDIR
-
-sudo mkdir $TMPDIR/media/embassy/
-sudo ENVIRONMENT=$ENVIRONMENT make V=1 install ARCH=aarch64 OS_ARCH=raspberrypi DESTDIR=$TMPDIR --debug
-sudo sed -i 's/raspberrypi/embassy/g' $TMPDIR/etc/hostname
-sudo sed -i 's/raspberrypi/embassy/g' $TMPDIR/etc/hosts
-sudo cp ./cargo-deps/aarch64-unknown-linux-gnu/release/pi-beep $TMPDIR/usr/local/bin/beep
-sudo cp cargo-deps/aarch64-unknown-linux-gnu/release/nc-broadcast $TMPDIR/usr/local/bin
-sudo cp backend/*.service $TMPDIR/etc/systemd/system/
-sudo mkdir -p $TMPDIR/etc/embassy
-sudo cp build/raspberry-pi/config.yaml $TMPDIR/etc/embassy/config.yaml
-
-# Make the .ssh directory for UID 1000 user
-sudo mkdir -p $TMPDIR/home/$(awk -v val=1000 -F ":" '$3==val{print $1}' $TMPDIR/etc/passwd)/.ssh
-sudo mv $TMPDIR/etc/sudoers.d/010_pi-nopasswd $TMPDIR/etc/sudoers.d/010_start9-nopasswd
-sudo sed -i 's/pi/start9/g' $TMPDIR/etc/sudoers.d/010_start9-nopasswd
-sudo sed -i 's/ pi / start9 /g' $TMPDIR/etc/systemd/system/autologin@.service
-
-if [[ "$ENVIRONMENT" =~ (^|-)dev($|-) ]]; then
-    cat ./build/raspberry-pi/initialization.sh | grep -v "passwd -l start9" | sudo tee $TMPDIR/usr/local/bin/initialization.sh > /dev/null
-    sudo chmod +x $TMPDIR/usr/local/bin/initialization.sh
-else
-    sudo cp ./build/raspberry-pi/initialization.sh $TMPDIR/usr/local/bin
-fi
-sudo cp ./build/raspberry-pi/init-with-sound.sh $TMPDIR/usr/local/bin
-
-sudo cp ./build/raspberry-pi/initialization.service $TMPDIR/etc/systemd/system/initialization.service
-sudo ln -s /etc/systemd/system/initialization.service $TMPDIR/etc/systemd/system/multi-user.target.wants/initialization.service
-sudo cp ./build/raspberry-pi/nc-broadcast.service $TMPDIR/etc/systemd/system/nc-broadcast.service
-sudo ln -s /etc/systemd/system/nc-broadcast.service $TMPDIR/etc/systemd/system/multi-user.target.wants/nc-broadcast.service
-
-sudo umount $TMPDIR

build/raspberrypi/cmdline.txt

@@ -0,0 +1 @@
+console=serial0,115200 console=tty1 root=PARTUUID=cb15ae4d-02 rootfstype=ext4 fsck.repair=yes rootwait cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory quiet init=/usr/lib/embassy/scripts/init_resize.sh

build/raspberrypi/config.txt

@@ -0,0 +1,86 @@
+# For more options and information see
+# http://rpf.io/configtxt
+# Some settings may impact device functionality. See link above for details
+
+# uncomment if you get no picture on HDMI for a default "safe" mode
+#hdmi_safe=1
+
+# uncomment the following to adjust overscan. Use positive numbers if console
+# goes off screen, and negative if there is too much border
+#overscan_left=16
+#overscan_right=16
+#overscan_top=16
+#overscan_bottom=16
+
+# uncomment to force a console size. By default it will be display's size minus
+# overscan.
+#framebuffer_width=1280
+#framebuffer_height=720
+
+# uncomment if hdmi display is not detected and composite is being output
+#hdmi_force_hotplug=1
+
+# uncomment to force a specific HDMI mode (this will force VGA)
+#hdmi_group=1
+#hdmi_mode=1
+
+# uncomment to force a HDMI mode rather than DVI. This can make audio work in
+# DMT (computer monitor) modes
+#hdmi_drive=2
+
+# uncomment to increase signal to HDMI, if you have interference, blanking, or
+# no display
+#config_hdmi_boost=4
+
+# uncomment for composite PAL
+#sdtv_mode=2
+
+#uncomment to overclock the arm. 700 MHz is the default.
+#arm_freq=800
+
+# Uncomment some or all of these to enable the optional hardware interfaces
+#dtparam=i2c_arm=on
+#dtparam=i2s=on
+#dtparam=spi=on
+
+# Uncomment this to enable infrared communication.
+#dtoverlay=gpio-ir,gpio_pin=17
+#dtoverlay=gpio-ir-tx,gpio_pin=18
+
+# Additional overlays and parameters are documented /boot/overlays/README
+
+# Enable audio (loads snd_bcm2835)
+dtparam=audio=on
+
+# Automatically load overlays for detected cameras
+camera_auto_detect=1
+
+# Automatically load overlays for detected DSI displays
+display_auto_detect=1
+
+# Enable DRM VC4 V3D driver
+dtoverlay=vc4-kms-v3d
+max_framebuffers=2
+
+# Run in 64-bit mode
+arm_64bit=1
+
+# Disable compensation for displays with overscan
+disable_overscan=1
+
+[cm4]
+# Enable host mode on the 2711 built-in XHCI USB controller.
+# This line should be removed if the legacy DWC2 controller is required
+# (e.g. for USB device mode) or if USB support is not required.
+otg_mode=1
+
+[all]
+
+[pi4]
+# Run as fast as firmware / board allows
+arm_boost=1
+
+[all]
+gpu_mem=16
+dtoverlay=pwm-2chan,disable-bt
+initramfs initrd.img-6.1.21-v8+

build/raspberrypi/config.yaml

@@ -1,5 +1,5 @@
 os-partitions:
   boot: /dev/mmcblk0p1
   root: /dev/mmcblk0p2
-ethernet-interface: eth0
+ethernet-interface: end0
 wifi-interface: wlan0

build/raspberrypi/fstab

@@ -0,0 +1,2 @@
+/dev/mmcblk0p1  /boot       vfat    umask=0077  0   2
+/dev/mmcblk0p2  /           ext4    defaults    0   1

build/raspberrypi/init_resize.sh

@@ -0,0 +1,134 @@
+#!/bin/bash
+
+get_variables () {
+  ROOT_PART_DEV=$(findmnt / -o source -n)
+  ROOT_PART_NAME=$(echo "$ROOT_PART_DEV" | cut -d "/" -f 3)
+  ROOT_DEV_NAME=$(echo /sys/block/*/"${ROOT_PART_NAME}" | cut -d "/" -f 4)
+  ROOT_DEV="/dev/${ROOT_DEV_NAME}"
+  ROOT_PART_NUM=$(cat "/sys/block/${ROOT_DEV_NAME}/${ROOT_PART_NAME}/partition")
+
+  BOOT_PART_DEV=$(findmnt /boot -o source -n)
+  BOOT_PART_NAME=$(echo "$BOOT_PART_DEV" | cut -d "/" -f 3)
+  BOOT_DEV_NAME=$(echo /sys/block/*/"${BOOT_PART_NAME}" | cut -d "/" -f 4)
+  BOOT_PART_NUM=$(cat "/sys/block/${BOOT_DEV_NAME}/${BOOT_PART_NAME}/partition")
+
+  OLD_DISKID=$(fdisk -l "$ROOT_DEV" | sed -n 's/Disk identifier: 0x\([^ ]*\)/\1/p')
+
+  ROOT_DEV_SIZE=$(cat "/sys/block/${ROOT_DEV_NAME}/size")
+  if [ "$ROOT_DEV_SIZE" -le 67108864 ]; then
+      TARGET_END=$((ROOT_DEV_SIZE - 1))
+  else
+      TARGET_END=$((33554432 - 1))
+      DATA_PART_START=33554432
+      DATA_PART_END=$((ROOT_DEV_SIZE - 1))
+  fi
+
+  PARTITION_TABLE=$(parted -m "$ROOT_DEV" unit s print | tr -d 's')
+
+  LAST_PART_NUM=$(echo "$PARTITION_TABLE" | tail -n 1 | cut -d ":" -f 1)
+
+  ROOT_PART_LINE=$(echo "$PARTITION_TABLE" | grep -e "^${ROOT_PART_NUM}:")
+  ROOT_PART_START=$(echo "$ROOT_PART_LINE" | cut -d ":" -f 2)
+  ROOT_PART_END=$(echo "$ROOT_PART_LINE" | cut -d ":" -f 3)
+}
+
+check_variables () {
+  if [ "$BOOT_DEV_NAME" != "$ROOT_DEV_NAME" ]; then
+      FAIL_REASON="Boot and root partitions are on different devices"
+      return 1
+  fi
+
+  if [ "$ROOT_PART_NUM" -ne "$LAST_PART_NUM" ]; then
+    FAIL_REASON="Root partition should be last partition"
+    return 1
+  fi
+
+  if [ "$ROOT_PART_END" -gt "$TARGET_END" ]; then
+    FAIL_REASON="Root partition runs past the end of device"
+    return 1
+  fi
+
+  if [ ! -b "$ROOT_DEV" ] || [ ! -b "$ROOT_PART_DEV" ] || [ ! -b "$BOOT_PART_DEV" ] ; then
+    FAIL_REASON="Could not determine partitions"
+    return 1
+  fi
+}
+
+main () {
+  get_variables
+
+  if ! check_variables; then
+    return 1
+  fi
+
+#   if [ "$ROOT_PART_END" -eq "$TARGET_END" ]; then
+#     reboot_pi
+#   fi
+
+  if ! echo Yes | parted -m --align=optimal "$ROOT_DEV" ---pretend-input-tty u s resizepart "$ROOT_PART_NUM" "$TARGET_END" ; then
+    FAIL_REASON="Root partition resize failed"
+    return 1
+  fi
+
+  if [ -n "$DATA_PART_START" ]; then
+    if ! parted -ms --align=optimal "$ROOT_DEV" u s mkpart primary "$DATA_PART_START" "$DATA_PART_END"; then
+      FAIL_REASON="Data partition creation failed"
+      return 1
+    fi
+  fi
+
+  (
+    echo x
+    echo i
+    echo "0xcb15ae4d"
+    echo r
+    echo w
+  ) | fdisk $ROOT_DEV
+
+  mount / -o remount,rw
+
+  resize2fs $ROOT_PART_DEV
+
+  if ! systemd-machine-id-setup; then
+    FAIL_REASON="systemd-machine-id-setup failed"
+    return 1
+  fi
+
+  if ! make-ssl-cert generate-default-snakeoil --force-overwrite; then
+    FAIL_REASON="snakeoil cert generation failed"
+    return 1
+  fi
+
+  if ! ssh-keygen -A; then
+    FAIL_REASON="ssh host key generation failed"
+    return 1
+  fi
+
+  ln -sf /usr/lib/embassy/scripts/fake-apt /usr/local/bin/apt-get
+
+  return 0
+}
+
+mount -t proc proc /proc
+mount -t sysfs sys /sys
+mount -t tmpfs tmp /run
+mkdir -p /run/systemd
+mount /boot
+mount / -o remount,ro
+
+beep
+
+if main; then
+  sed -i 's| init=/usr/lib/embassy/scripts/init_resize\.sh| boot=embassy|' /boot/cmdline.txt
+  echo "Resized root filesystem. Rebooting in 5 seconds..."
+  sleep 5
+else
+  echo -e "Could not expand filesystem.\n${FAIL_REASON}"
+  sleep 5
+fi
+
+sync
+
+umount /boot
+
+reboot -f

build/raspberrypi/make-image.sh

@@ -0,0 +1,88 @@
+#!/bin/bash
+
+set -e
+
+function partition_for () {
+    if [[ "$1" =~ [0-9]+$ ]]; then
+        echo "$1p$2"
+    else
+        echo "$1$2"
+    fi
+}
+
+VERSION=$(cat VERSION.txt)
+ENVIRONMENT=$(cat ENVIRONMENT.txt)
+GIT_HASH=$(cat GIT_HASH.txt | head -c 7)
+DATE=$(date +%Y%m%d)
+
+VERSION_FULL="$VERSION-$GIT_HASH"
+
+if [ -n "$ENVIRONMENT" ]; then
+  VERSION_FULL="$VERSION_FULL~$ENVIRONMENT"
+fi
+
+TARGET_NAME=eos-${VERSION_FULL}-${DATE}_raspberrypi.img
+TARGET_SIZE=$[(6817791+1)*512]
+
+rm -f $TARGET_NAME
+truncate -s $TARGET_SIZE $TARGET_NAME
+(
+    echo o
+    echo x
+    echo i
+    echo "0xcb15ae4d"
+    echo r
+    echo n
+    echo p
+    echo 1
+    echo 2048
+    echo 526335
+    echo t
+    echo c
+    echo n
+    echo p
+    echo 2
+    echo 526336
+    echo 6817791
+    echo a
+    echo 1
+    echo w
+) | fdisk $TARGET_NAME
+OUTPUT_DEVICE=$(sudo losetup --show -fP $TARGET_NAME)
+sudo mkfs.ext4 `partition_for ${OUTPUT_DEVICE} 2`
+sudo mkfs.vfat `partition_for ${OUTPUT_DEVICE} 1`
+
+TMPDIR=$(mktemp -d)
+
+sudo mount `partition_for ${OUTPUT_DEVICE} 2` $TMPDIR
+sudo mkdir $TMPDIR/boot
+sudo mount `partition_for ${OUTPUT_DEVICE} 1` $TMPDIR/boot
+sudo unsquashfs -f -d $TMPDIR eos.raspberrypi.squashfs
+REAL_GIT_HASH=$(cat $TMPDIR/usr/lib/embassy/GIT_HASH.txt)
+REAL_VERSION=$(cat $TMPDIR/usr/lib/embassy/VERSION.txt)
+REAL_ENVIRONMENT=$(cat $TMPDIR/usr/lib/embassy/ENVIRONMENT.txt)
+sudo cp ./build/raspberrypi/cmdline.txt $TMPDIR/boot/
+sudo cp ./build/raspberrypi/config.txt $TMPDIR/boot/
+sudo cp ./build/raspberrypi/fstab $TMPDIR/etc/
+sudo mkdir -p $TMPDIR/etc/embassy
+sudo cp ./build/raspberrypi/config.yaml $TMPDIR/etc/embassy
+sudo cp ./build/raspberrypi/init_resize.sh $TMPDIR//usr/lib/embassy/scripts/init_resize.sh
+sudo cp ./cargo-deps/aarch64-unknown-linux-gnu/release/pi-beep $TMPDIR/usr/local/bin/beep
+sudo umount $TMPDIR/boot
+sudo umount $TMPDIR
+sudo losetup -d $OUTPUT_DEVICE
+
+if [ "$ALLOW_VERSION_MISMATCH" != 1 ]; then
+    if [ "$(cat GIT_HASH.txt)" != "$REAL_GIT_HASH" ]; then
+        >&2 echo "eos.raspberrypi.squashfs GIT_HASH.txt mismatch"
+        exit 1
+    fi
+    if [ "$(cat VERSION.txt)" != "$REAL_VERSION" ]; then
+        >&2 echo "eos.raspberrypi.squashfs VERSION.txt mismatch"
+        exit 1
+    fi
+    if [ "$(cat ENVIRONMENT.txt)" != "$REAL_ENVIRONMENT" ]; then
+        >&2 echo "eos.raspberrypi.squashfs ENVIRONMENT.txt mismatch"
+        exit 1
+    fi
+fi