Start9/start-os
2
0
Fork 0
mirror of https://github.com/Start9Labs/start-os.git synced 2026-04-04 14:29:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Feature/multi platform (#1866)

Browse Source 
* wip

* wip

* wip

* wip

* wip

* wip

* remove debian dir

* lazy env and git hash

* remove env and git hash on clean

* don't leave project dir

* use docker for native builds

* start9 rust

* correctly mount registry

* remove systemd config

* switch to /usr/bin

* disable sound for now

* wip

* change disk list

* multi-arch images

* multi-arch system images

* default aarch64

* edition 2021

* dynamic wifi interface name

* use wifi interface from config

* bugfixes

* add beep based sound

* wip

* wip

* wip

* separate out raspberry pi specific files

* fixes

* use new initramfs always

* switch journald conf to sed script

* fixes

* fix permissions

* talking about kernel modules not scripts

* fix

* fix

* switch to MBR

* install to /usr/lib

* fixes

* fixes

* fixes

* fixes

* add media config to cfg path

* fixes

* fixes

* fixes

* raspi image fixes

* fix test

* fix workflow

* sync boot partition

* gahhhhh
This commit is contained in:
Aiden McClelland
2022-10-19 23:01:23 -06:00
parent 0511680fc5
commit 6ad9a5952e
87 changed files with 1734 additions and 1162 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
build/fstab
View File

@@ -1,4 +0,0 @@
LABEL=green / ext4 discard,errors=remount-ro 0 1
LABEL=system-boot /media/boot-rw vfat defaults 0 1
/media/boot-rw /boot none defaults,bind,ro 0 0
LABEL=EMBASSY /embassy-os vfat defaults 0 1

161
build/initialization.sh
View File

@@ -1,161 +0,0 @@
#!/bin/bash
set -e
# introduce start9 username and embassy as default password
if ! awk -F: '{ print $1 }' /etc/passwd | grep start9
then
usermod -l start9 -d /home/start9 -m pi
groupmod --new-name start9 pi
echo start9:embassy | chpasswd
fi
passwd -l start9
START=$(date +%s)
while ! ping -q -w 1 -c 1 `ip r | grep default | cut -d ' ' -f 3` > /dev/null; do
>&2 echo "Waiting for internet connection..."
sleep 1
if [ "$[$START + 60]" -lt $(date +%s) ]; then
>&2 echo "Timed out waiting for internet connection..."
exit 1
fi
done
echo "Connected to network"
# change timezone
timedatectl set-timezone Etc/UTC
! test -f /etc/docker/daemon.json || rm /etc/docker/daemon.json
mount -o remount,rw /boot
apt-mark hold raspberrypi-bootloader
apt-mark hold raspberrypi-kernel
# Convert all repos to use https:// before apt update
sed -i "s/http:/https:/g" /etc/apt/sources.list /etc/apt/sources.list.d/*.list
apt-get update
apt-get install -y \
nginx \
libavahi-client3 \
avahi-daemon \
avahi-utils \
iotop \
bmon \
lvm2 \
cryptsetup \
exfat-utils \
sqlite3 \
network-manager \
wireless-tools \
net-tools \
ecryptfs-utils \
cifs-utils \
samba-common-bin \
vim \
jq \
ncdu \
postgresql \
pgloader \
dnsutils
# switch to systemd-resolved & network-manager
systemctl enable systemd-resolved
systemctl start systemd-resolved
apt-get remove --purge openresolv dhcpcd5 -y
echo "#" > /etc/network/interfaces
systemctl disable wpa_supplicant.service
ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
cat << EOF > /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
dns=systemd-resolved
[ifupdown]
managed=true
EOF
sudo systemctl restart NetworkManager
nmcli device modify eth0 ipv4.ignore-auto-dns no
START=$(date +%s)
while ! ping -q -w 1 -c 1 start9.com > /dev/null; do
>&2 echo "Waiting for network to reinitialize..."
sleep 1
if [ "$[$START + 60]" -lt $(date +%s) ]; then
>&2 echo "Timed out waiting for network to reinitialize..."
exit 1
fi
done
echo "Network reinitialized"
# Setup repository from The Guardian Project and install latest stable Tor daemon
wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
echo "deb [arch=arm64 signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bullseye main" > /etc/apt/sources.list.d/tor.list
apt-get update && apt-get install -y tor deb.torproject.org-keyring
curl -fsSL https://get.docker.com | sh # TODO: commit this script into git instead of live fetching it
systemctl disable postgresql.service
systemctl disable bluetooth.service
systemctl disable hciuart.service
systemctl disable triggerhappy.service
apt-get autoremove -y
apt-get upgrade -y
sed -i 's/Restart=on-failure/Restart=always/g' /lib/systemd/system/tor@default.service
sed -i 's/ExecStart=\/usr\/bin\/dockerd/ExecStart=\/usr\/bin\/dockerd --exec-opt native.cgroupdriver=systemd/g' /lib/systemd/system/docker.service
sed -i '/}/i \ \ \ \ application\/wasm \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ wasm;' /etc/nginx/mime.types
sed -i 's/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 128;/g' /etc/nginx/nginx.conf
sed -i 's/#allow-interfaces=eth0/allow-interfaces=eth0,wlan0/g' /etc/avahi/avahi-daemon.conf
sed -i '/\(^\|#\)entries-per-entry-group-max=/c\entries-per-entry-group-max=128' /etc/avahi/avahi-daemon.conf
echo '{ "cgroup-parent": "docker-engine.slice" }' > /etc/docker/daemon.json
mkdir -p /etc/nginx/ssl
# fix to suppress docker warning, fixed in 21.xx release of docker cli: https://github.com/docker/cli/pull/2934
mkdir -p /root/.docker
touch /root/.docker/config.json
mkdir -p /etc/embassy
systemctl enable embassyd.service embassy-init.service
cat << EOF > /etc/tor/torrc
SocksPort 0.0.0.0:9050
SocksPolicy accept 127.0.0.1
SocksPolicy accept 172.18.0.0/16
SocksPolicy reject *
ControlPort 9051
CookieAuthentication 1
EOF
if [ -f /embassy-os/product_key.txt ]
then
cat /embassy-os/product_key.txt | tr -d '\n' | sha256sum | head -c 32 | sed 's/$/\n/' > /etc/machine-id
else
head -c 16 /dev/urandom | xxd -p | sed 's/$/\n/' > /etc/machine-id
fi
systemctl stop tor
rm -rf /var/lib/tor/*
raspi-config nonint enable_overlayfs
# create a copy of the cmdline *without* the quirk string, so that it can be easily amended
sed -i 's/usb-storage.quirks=152d:0562:u,14cd:121c:u,0781:cfcb:u //g' /boot/cmdline.txt
cp /boot/cmdline.txt /boot/cmdline.txt.orig
sed -i 's/^/usb-storage.quirks=152d:0562:u,14cd:121c:u,0781:cfcb:u /g' /boot/cmdline.txt
# making that *sudo docker stats* command fulfil its purpose by displaying all metrics
sed -i 's/rootwait quiet.*/rootwait cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory quiet/g' /boot/cmdline.txt
systemctl disable nc-broadcast.service
systemctl disable initialization.service
echo "fs.inotify.max_user_watches=1048576" > /etc/sysctl.d/97-embassy.conf
sync
reboot

44
build/journald.conf
View File

@@ -1,44 +0,0 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See journald.conf(5) for details.
[Journal]
Storage=persistent
Compress=yes
#Seal=yes
#SplitMode=uid
#SyncIntervalSec=5m
#RateLimitIntervalSec=30s
#RateLimitBurst=10000
SystemMaxUse=1G
#SystemKeepFree=
#SystemMaxFileSize=
#SystemMaxFiles=100
#RuntimeMaxUse=
#RuntimeKeepFree=
#RuntimeMaxFileSize=
#RuntimeMaxFiles=100
#MaxRetentionSec=
#MaxFileSec=1month
ForwardToSyslog=no
#ForwardToKMsg=no
#ForwardToConsole=no
#ForwardToWall=yes
#TTYPath=/dev/console
#MaxLevelStore=debug
#MaxLevelSyslog=debug
#MaxLevelKMsg=notice
#MaxLevelConsole=info
#MaxLevelWall=emerg
#LineMax=48K
#ReadKMsg=yes
#Audit=no

3
build/lib/conflicts Normal file
View File

@@ -0,0 +1,3 @@
openresolv
dhcpcd5
firewalld

31
build/lib/depends Normal file
View File

@@ -0,0 +1,31 @@
tor
nginx
avahi-daemon
avahi-utils
iotop
bmon
lvm2
cryptsetup
exfat-utils
sqlite3
wireless-tools
net-tools
ecryptfs-utils
cifs-utils
samba-common-bin
network-manager
vim
jq
ncdu
postgresql
pgloader
openssh-server
docker-ce
docker-ce-cli
containerd.io
docker-compose-plugin
beep
httpdirfs
iw
squashfs-tools
rsync

0
build/docker-engine.slice → build/lib/docker-engine.slice
View File

0
build/00-embassy → build/lib/motd
View File

9
build/lib/scripts/add-apt-sources Executable file
View File

@@ -0,0 +1,9 @@
#!/bin/sh
set -e
curl -fsSL https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor -o- > /usr/share/keyrings/tor-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bullseye main" > /etc/apt/sources.list.d/tor.list
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o- > /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bullseye stable" > /etc/apt/sources.list.d/docker.list

96
build/lib/scripts/embassy-initramfs-module Executable file
View File

@@ -0,0 +1,96 @@
# Local filesystem mounting -*- shell-script -*-
#
# This script overrides local_mount_root() in /scripts/local
# and mounts root as a read-only filesystem with a temporary (rw)
# overlay filesystem.
#
. /scripts/local
local_mount_root()
{
echo 'using embassy initramfs module'
local_top
local_device_setup "${ROOT}" "root file system"
ROOT="${DEV}"
# Get the root filesystem type if not set
if [ -z "${ROOTFSTYPE}" ]; then
FSTYPE=$(get_fstype "${ROOT}")
else
FSTYPE=${ROOTFSTYPE}
fi
local_premount
# CHANGES TO THE ORIGINAL FUNCTION BEGIN HERE
# N.B. this code still lacks error checking
modprobe ${FSTYPE}
checkfs ${ROOT} root "${FSTYPE}"
if [ "${FSTYPE}" != "unknown" ]; then
mount -t ${FSTYPE} ${ROOTFLAGS} ${ROOT} ${rootmnt}
else
mount ${ROOTFLAGS} ${ROOT} ${rootmnt}
fi
echo 'mounting embassyfs'
mkdir /embassyfs
mount --move ${rootmnt} /embassyfs
if ! [ -d /embassyfs/current ] && [ -d /embassyfs/prev ]; then
mv /embassyfs/prev /embassyfs/current
fi
if ! [ -d /embassyfs/current ]; then
mkdir /embassyfs/current
for FILE in $(ls /embassyfs); do
if [ "$FILE" != current ]; then
mv /embassyfs/$FILE /embassyfs/current/
fi
done
fi
mkdir -p /embassyfs/config
if [ -f /embassyfs/config/upgrade ] && [ -d /embassyfs/next ]; then
mv /embassyfs/current /embassyfs/prev
mv /embassyfs/next /embassyfs/current
rm /embassyfs/config/upgrade
fi
if ! [ -d /embassyfs/next ]; then
if [ -d /embassyfs/prev ]; then
mv /embassyfs/prev /embassyfs/next
else
mkdir /embassyfs/next
fi
fi
mkdir /lower /upper
mount -r --bind /embassyfs/current /lower
modprobe overlay || insmod "/lower/lib/modules/$(uname -r)/kernel/fs/overlayfs/overlay.ko"
# Mount a tmpfs for the overlay in /upper
mount -t tmpfs tmpfs /upper
mkdir /upper/data /upper/work
# Mount the final overlay-root in $rootmnt
mount -t overlay \
-olowerdir=/lower,upperdir=/upper/data,workdir=/upper/work \
overlay ${rootmnt}
mkdir -p ${rootmnt}/media/embassy/config
mount --bind /embassyfs/config ${rootmnt}/media/embassy/config
mkdir -p ${rootmnt}/media/embassy/next
mount --bind /embassyfs/next ${rootmnt}/media/embassy/next
mkdir -p ${rootmnt}/media/embassy/embassyfs
mount -r --bind /embassyfs ${rootmnt}/media/embassy/embassyfs
}

34
build/lib/scripts/grub-probe-eos Executable file
View File

@@ -0,0 +1,34 @@
#!/bin/sh
ARGS=
for ARG in $@; do
if [ "${ARG%%[!/]*}" = "/" ]; then
OPTIONS=
path="$ARG"
while true; do
if FSTYPE=$( findmnt -n -o FSTYPE "$path" ); then
if [ "$FSTYPE" = "overlay" ]; then
OPTIONS=$(findmnt -n -o OPTIONS "$path")
break
else
break
fi
fi
if [ "$path" = "/" ]; then break; fi
path=$(dirname "$path")
done
if LOWERDIR=$(echo "$OPTIONS" | grep -m 1 -oP 'lowerdir=\K[^,]+'); then
#echo "[DEBUG] Overlay filesystem detected ${ARG} --> ${LOWERDIR}${ARG%*/}" 1>&2
ARG=/media/embassy/embassyfs"${ARG%*/}"
fi
fi
ARGS="$ARGS $ARG"
done
grub-probe-default $ARGS
exit $?

122
build/lib/scripts/install Executable file
View File

@@ -0,0 +1,122 @@
#!/bin/bash
set -e
function partition_for () {
if [[ "$1" =~ [0-9]+$ ]]; then
echo "$1p$2"
else
echo "$1$2"
fi
}
OSDISK=$1
if [ -z "$OSDISK" ]; then
>&2 echo 'usage: embassy-install <TARGET DISK>'
exit 1
fi
WIFI_IFACE=
for IFACE in $(ls /sys/class/net); do
if [ -d /sys/class/net/$IFACE/wireless ]; then
WIFI_IFACE=$IFACE
break
fi
done
ETH_IFACE=
for IFACE in $(ls /sys/class/net); do
if ! [ -d /sys/class/net/$IFACE/wireless ] && [ -d /sys/class/net/$IFACE/device ]; then
ETH_IFACE=$IFACE
break
fi
done
if [ -z "$ETH_IFACE" ]; then
>&2 echo 'Could not detect ethernet interface'
exit 1
fi
(
echo o # GPT
echo n # New Partition
echo p # Primary
echo 1 # Index #1
echo # Default Starting Position
echo '+1G' # 1GB
echo t # Change Type
echo 0b # W95 FAT32
echo a # Set Bootable
echo n # New Partition
echo p # Primary
echo 2 # Index #2
echo # Default Starting Position
echo '+15G' # 15GB
echo n # New Partition
echo p # Primary
echo 3 # Index #3
echo # Default Starting Position
echo # Use Full Remaining
echo t # Change Type
echo 3 # (Still Index #3)
echo 8e # Linux LVM
echo w # Write Changes
) | fdisk $OSDISK
BOOTPART=`partition_for $OSDISK 1`
ROOTPART=`partition_for $OSDISK 2`
mkfs.vfat $BOOTPART
fatlabel $BOOTPART boot
mkfs.ext4 $ROOTPART
e2label $ROOTPART rootfs
mount $ROOTPART /mnt
mkdir /mnt/config
mkdir /mnt/current
mkdir /mnt/next
mkdir /mnt/current/boot
mount $BOOTPART /mnt/current/boot
unsquashfs -f -d /mnt/current /cdrom/casper/filesystem.squashfs
cat > /mnt/config/config.yaml << EOF
os-partitions:
boot: $BOOTPART
root: $ROOTPART
ethernet-interface: $ETH_IFACE
EOF
if [ -n "$WIFI_IFACE" ]; then
echo "wifi-interface: $WIFI_IFACE" >> /mnt/config/config.yaml
fi
# gen fstab
cat > /mnt/current/etc/fstab << EOF
$BOOTPART /boot vfat defaults 0 2
$ROOTPART / ext4 defaults 0 1
EOF
# gen machine-id
chroot /mnt/current systemd-machine-id-setup
# gen ssh host keys
ssh-keygen -t rsa /mnt/current/etc/ssh_host_rsa_key
ssh-keygen -t ecdsa /mnt/current/etc/ssh_host_ecdsa_key
ssh-keygen -t ed25519 /mnt/current/etc/ssh_host_ed25519_key
mount --bind /dev /mnt/current/dev
mount --bind /sys /mnt/current/sys
mount --bind /proc /mnt/current/proc
chroot /mnt/current update-grub
chroot /mnt/current grub-install $OSDISK
umount /mnt/current/dev
umount /mnt/current/sys
umount /mnt/current/proc
umount /mnt/current/boot
umount /mnt

93
build/lib/scripts/postinst Executable file
View File

@@ -0,0 +1,93 @@
#!/bin/sh
set -e
SYSTEMCTL=systemctl
if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ]; then
SYSTEMCTL=deb-systemd-helper
fi
if [ -f /usr/sbin/grub-probe ]; then
mv /usr/sbin/grub-probe /usr/sbin/grub-probe-default
ln -s /usr/lib/embassy/scripts/grub-probe-eos /usr/sbin/grub-probe
fi
cp /usr/lib/embassy/scripts/embassy-initramfs-module /etc/initramfs-tools/scripts/embassy
if ! grep overlay /etc/initramfs-tools/modules > /dev/null; then
echo overlay >> /etc/initramfs-tools/modules
fi
update-initramfs -u -k all
if [ -f /etc/default/grub ]; then
sed -i '/\(^\|#\)GRUB_CMDLINE_LINUX=/c\GRUB_CMDLINE_LINUX="boot=embassy"' /etc/default/grub
fi
# change timezone
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Etc/UTC /etc/localtime
# switch to systemd-resolved & network-manager
echo "#" > /etc/network/interfaces
ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
cat << EOF > /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
dns=systemd-resolved
[ifupdown]
managed=true
EOF
$SYSTEMCTL enable systemd-resolved.service
$SYSTEMCTL disable wpa_supplicant.service
$SYSTEMCTL disable postgresql.service
$SYSTEMCTL disable bluetooth.service
$SYSTEMCTL disable hciuart.service
$SYSTEMCTL disable triggerhappy.service
$SYSTEMCTL mask sleep.target
$SYSTEMCTL mask suspend.target
$SYSTEMCTL mask hibernate.target
$SYSTEMCTL mask hybrid-sleep.target
if which gsettings > /dev/null; then
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout '0'
gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout '0'
fi
sed -i 's/Restart=on-failure/Restart=always/g' /lib/systemd/system/tor@default.service
sed -i 's/ExecStart=\/usr\/bin\/dockerd/ExecStart=\/usr\/bin\/dockerd --exec-opt native.cgroupdriver=systemd/g' /lib/systemd/system/docker.service
sed -i '/}/i \ \ \ \ application\/wasm \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ wasm;' /etc/nginx/mime.types
sed -i 's/# server_names_hash_bucket_size 64;/server_names_hash_bucket_size 128;/g' /etc/nginx/nginx.conf
sed -i '/\(^\|#\)entries-per-entry-group-max=/c\entries-per-entry-group-max=128' /etc/avahi/avahi-daemon.conf
sed -i '/\(^\|#\)Storage=/c\Storage=persistent' /etc/systemd/journald.conf
sed -i '/\(^\|#\)Compress=/c\Compress=yes' /etc/systemd/journald.conf
sed -i '/\(^\|#\)SystemMaxUse=/c\SystemMaxUse=1G' /etc/systemd/journald.conf
sed -i '/\(^\|#\)ForwardToSyslog=/c\ForwardToSyslog=no' /etc/systemd/journald.conf
mkdir -p /etc/docker
ln -sf /usr/lib/embassy/docker-engine.slice /etc/systemd/system/docker-engine.slice
echo '{ "cgroup-parent": "docker-engine.slice" }' > /etc/docker/daemon.json
mkdir -p /etc/nginx/ssl
# fix to suppress docker warning, fixed in 21.xx release of docker cli: https://github.com/docker/cli/pull/2934
mkdir -p /root/.docker
touch /root/.docker/config.json
cat << EOF > /etc/tor/torrc
SocksPort 0.0.0.0:9050
SocksPolicy accept 127.0.0.1
SocksPolicy accept 172.18.0.0/16
SocksPolicy reject *
ControlPort 9051
CookieAuthentication 1
EOF
rm -rf /var/lib/tor/*
echo "fs.inotify.max_user_watches=1048576" > /etc/sysctl.d/97-embassy.conf
rm -f /etc/motd
ln -sf /usr/lib/embassy/motd /etc/update-motd.d/00-embassy
chmod -x /etc/update-motd.d/*
chmod +x /etc/update-motd.d/00-embassy

42
build/make-image.sh
View File

@@ -1,42 +0,0 @@
#!/bin/bash
set -e
function partition_for () {
if [[ "$1" =~ [0-9]+$ ]]; then
echo "$1p$2"
else
echo "$1$2"
fi
}
SOURCE="${BASH_SOURCE[0]}"
while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )"
SOURCE="$(readlink "$SOURCE")"
[[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
done
DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )"
cd "$DIR/.."
truncate --size=$[(31116287+1)*512] eos.img
if [ -z "$OUTPUT_DEVICE" ]; then
export OUTPUT_DEVICE=$(sudo losetup --show -fP eos.img)
export DETACH_OUTPUT_DEVICE=1
else
export DETACH_OUTPUT_DEVICE=0
sudo dd if=/dev/zero of=$OUTPUT_DEVICE bs=1M count=1
fi
export LOOPDEV=$(sudo losetup --show -fP raspios.img)
./build/partitioning.sh
./build/write-image.sh
sudo e2fsck -f -y `partition_for ${OUTPUT_DEVICE} 3`
sudo resize2fs -M `partition_for ${OUTPUT_DEVICE} 3`
BLOCK_INFO=$(sudo dumpe2fs `partition_for ${OUTPUT_DEVICE} 3`)
BLOCK_COUNT=$(echo "$BLOCK_INFO" | grep "Block count:" | sed 's/Block count:\s\+//g')
BLOCK_SIZE=$(echo "$BLOCK_INFO" | grep "Block size:" | sed 's/Block size:\s\+//g')
echo "YOUR GREEN FILESYSTEM is '$[$BLOCK_COUNT*$BLOCK_SIZE]' BYTES"
echo "IF YOU ARE QUICK-FLASHING FROM MAC-OS, NOTE THIS NUMBER FOR LATER"
if [ "$DETACH_OUTPUT_DEVICE" -eq "1" ]; then
sudo losetup -d $OUTPUT_DEVICE
fi

6
build/partitioning.sh
View File

@@ -1,6 +0,0 @@
#!/bin/bash
set -e
# Use fdisk to create DOS partition table with 4 primary partitions, set 1 as bootable, write, and quite
(echo o; echo x; echo i; echo "0xcb15ae4d"; echo r; echo n; echo p; echo 1; echo 2048; echo 526335; echo t; echo c; echo n; echo p; echo 2; echo 526336; echo 1050623; echo t; echo 2; echo c; echo n; echo p; echo 3; echo 1050624; echo 16083455; echo n; echo p; echo 16083456; echo 31116287; echo a; echo 1; echo w) | sudo fdisk ${OUTPUT_DEVICE} > /dev/null

132
build/quick-flash.sh
View File

@@ -1,132 +0,0 @@
#!/bin/bash
set -e
function mktmpfifo () {
TMP_PATH=$(mktemp)
rm $TMP_PATH
mkfifo $TMP_PATH
echo $TMP_PATH
}
echo 'This script will only work on a card that has previously had a full image written to it.'
echo 'It will *only* flash the ext4 portion (`green` partition) of the img file onto the card.'
echo 'The product key, disk guid, and kernel data will *not* be affected.'
read -p "Continue? [y/N]" -n 1 -r
echo
if ! [[ "$REPLY" =~ ^[Yy]$ ]]; then
exit 1
fi
if ! which pv > /dev/null; then
>&2 echo 'This script would like to use `pv` to show a progress indicator, but it is not installed.'
if which apt-get > /dev/null; then
read -p "Install? [y/N]" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]; then
sudo apt-get install pv
fi
elif which pacman > /dev/null; then
read -p "Install? [y/N]" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]; then
sudo pacman -S pv
fi
elif which brew > /dev/null; then
read -p "Install? [y/N]" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]; then
brew install pv
fi
else
>&2 echo 'This script does not recognize what package manager you have available on your system.'
>&2 echo 'Please go install the utility manually if you want progress reporting.'
fi
fi
if [[ "$(uname)" == "Darwin" ]]; then
export TARGET_PARTITION="/dev/disk$(diskutil list | grep EMBASSY | head -1 | rev | cut -b 3)s3"
if ! test -e $TARGET_PARTITION; then
>&2 echo '`green` partition not found'
exit 1
fi
export SOURCE_DEVICE="$(hdiutil attach -nomount eos.img | head -n1 | sed -E 's/([^ ]+).*$/\1/g')"
export SOURCE_PARTITION="${SOURCE_DEVICE}s3"
function detach () {
hdiutil detach $SOURCE_DEVICE
}
else
if ! test -e /dev/disk/by-label/green; then
>&2 echo '`green` partition not found'
exit 1
fi
export TARGET_PARTITION=$(readlink -f /dev/disk/by-label/green)
export SOURCE_DEVICE="$(sudo losetup --show -fP eos.img)"
export SOURCE_PARTITION="${SOURCE_DEVICE}p3"
function detach () {
sudo losetup -d ${SOURCE_DEVICE}
}
fi
if [[ "$TARGET_PARTITION" =~ ^/dev/loop ]]; then
>&2 echo 'You are currently flashing onto a loop device.'
>&2 echo 'This is probably a mistake, and usually means you failed to detach a .img file.'
read -p "Continue anyway? [y/N]" -n 1 -r
echo
if ! [[ "$REPLY" =~ ^[Yy]$ ]]; then
exit 1
fi
fi
if [[ "$(uname)" == "Darwin" ]]; then
if test -z "$FS_SIZE"; then
read -p "Enter FS Size (shown during make of eos.img)" -r
export FS_SIZE=$REPLY
fi
else
sudo e2fsck -f ${SOURCE_PARTITION}
sudo resize2fs -M ${SOURCE_PARTITION}
export BLOCK_INFO=$(sudo dumpe2fs ${SOURCE_PARTITION})
export BLOCK_COUNT=$(echo "$BLOCK_INFO" | grep "Block count:" | sed 's/Block count:\s\+//g')
export BLOCK_SIZE=$(echo "$BLOCK_INFO" | grep "Block size:" | sed 's/Block size:\s\+//g')
export FS_SIZE=$[$BLOCK_COUNT*$BLOCK_SIZE]
fi
echo "Flashing $FS_SIZE bytes to $TARGET_PARTITION"
if [[ "$(uname)" == "Darwin" ]]; then
if which pv > /dev/null; then
sudo cat ${SOURCE_PARTITION} | head -c $FS_SIZE | pv -s $FS_SIZE | sudo dd of=${TARGET_PARTITION} bs=1m 2>/dev/null
else
sudo cat ${SOURCE_PARTITION} | head -c $FS_SIZE | sudo dd of=${TARGET_PARTITION} bs=1m
fi
else
if which pv > /dev/null; then
sudo cat ${SOURCE_PARTITION} | head -c $FS_SIZE | pv -s $FS_SIZE | sudo dd of=${TARGET_PARTITION} bs=1M iflag=fullblock oflag=direct conv=fsync 2>/dev/null
else
sudo cat ${SOURCE_PARTITION} | head -c $FS_SIZE | sudo dd of=${TARGET_PARTITION} bs=1M iflag=fullblock oflag=direct conv=fsync
fi
fi
echo Verifying...
export INPUT_HASH=$(mktemp)
export OUTPUT_HASH=$(mktemp)
if which pv > /dev/null; then
export PV_IN=$(mktmpfifo)
fi
sudo cat ${SOURCE_PARTITION} | head -c $FS_SIZE | tee -a $PV_IN | sha256sum > $INPUT_HASH &
export INPUT_CHILD=$!
sudo cat ${TARGET_PARTITION} | head -c $FS_SIZE | tee -a $PV_IN | sha256sum > $OUTPUT_HASH &
export OUTPUT_CHILD=$!
if which pv > /dev/null; then
pv -s $[$FS_SIZE*2] < $PV_IN > /dev/null &
fi
wait $INPUT_CHILD $OUTPUT_CHILD
if which pv > /dev/null; then
rm $PV_IN
fi
detach
if ! [[ "$(cat $INPUT_HASH)" == "$(cat $OUTPUT_HASH)" ]]; then
rm $INPUT_HASH $OUTPUT_HASH
>&2 echo Verification Failed
exit 1
fi
rm $INPUT_HASH $OUTPUT_HASH
echo "Verification Succeeded"

5
build/raspberry-pi/config.yaml Normal file
View File

@@ -0,0 +1,5 @@
os-partitions:
boot: /dev/mmcblk0p1
root: /dev/mmcblk0p2
ethernet-interface: eth0
wifi-interface: wlan0

0
build/init-with-sound.sh → build/raspberry-pi/init-with-sound.sh
View File

0
build/initialization.service → build/raspberry-pi/initialization.service
View File

60
build/raspberry-pi/initialization.sh Executable file
View File

@@ -0,0 +1,60 @@
#!/bin/bash
set -e
# introduce start9 username and embassy as default password
if ! awk -F: '{ print $1 }' /etc/passwd | grep start9
then
usermod -l start9 -d /home/start9 -m pi
groupmod --new-name start9 pi
echo start9:embassy | chpasswd
fi
START=$(date +%s)
while ! ping -q -w 1 -c 1 `ip r | grep default | cut -d ' ' -f 3` > /dev/null; do
>&2 echo "Waiting for internet connection..."
sleep 1
if [ "$[$START + 60]" -lt $(date +%s) ]; then
>&2 echo "Timed out waiting for internet connection..."
exit 1
fi
done
echo "Connected to network"
# Convert all repos to use https:// before apt update
sed -i "s/http:/https:/g" /etc/apt/sources.list /etc/apt/sources.list.d/*.list
. /usr/lib/embassy/scripts/add-apt-sources
apt-get update
apt-get upgrade -y
apt-get install -y $(cat /usr/lib/embassy/depends)
apt-get remove --purge -y $(cat /usr/lib/embassy/conflicts) beep
apt-get autoremove -y
systemctl stop tor
. /usr/lib/embassy/scripts/postinst
systemctl enable embassyd.service embassy-init.service
sed -i 's/^/usb-storage.quirks=152d:0562:u,14cd:121c:u,0781:cfcb:u /g' /boot/cmdline.txt
# making that *sudo docker stats* command fulfil its purpose by displaying all metrics
sed -i 's/rootwait quiet.*/rootwait cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory quiet/g' /boot/cmdline.txt
systemctl disable nc-broadcast.service
systemctl disable initialization.service
update-initramfs -c -k "$(uname -r)"
sed -i /boot/config.txt -e "/initramfs.*/d"
echo initramfs "initrd.img-$(uname -r)" >> /boot/config.txt
sed -i /boot/cmdline.txt -e "s/^/boot=embassy /"
passwd -l start9
sync
reboot

18
build/raspberry-pi/make-image.sh Executable file
View File

@@ -0,0 +1,18 @@
#!/bin/bash
set -e
function partition_for () {
if [[ "$1" =~ [0-9]+$ ]]; then
echo "$1p$2"
else
echo "$1$2"
fi
}
cp raspios.img embassyos-raspi.img
export OUTPUT_DEVICE=$(sudo losetup --show -fP embassyos-raspi.img)
./build/raspberry-pi/write-image.sh
sudo e2fsck -f -y `partition_for ${OUTPUT_DEVICE} 2`
sudo resize2fs -M `partition_for ${OUTPUT_DEVICE} 2`
sudo losetup -d $OUTPUT_DEVICE

0
build/nc-broadcast.service → build/raspberry-pi/nc-broadcast.service
View File

0
build/rip-image.sh → build/raspberry-pi/rip-image.sh
View File

55
build/raspberry-pi/write-image.sh Executable file
View File

@@ -0,0 +1,55 @@
#!/bin/bash
set -e
function partition_for () {
if [[ "$1" =~ [0-9]+$ ]]; then
echo "$1p$2"
else
echo "$1$2"
fi
}
# Mount the boot partition and config
mkdir -p /tmp/eos-mnt
sudo mount `partition_for ${OUTPUT_DEVICE} 1` /tmp/eos-mnt
cat /tmp/eos-mnt/config.txt | grep -v "dtoverlay=" | sudo tee /tmp/eos-mnt/config.txt.tmp > /dev/null
echo "dtoverlay=pwm-2chan,disable-bt" | sudo tee -a /tmp/eos-mnt/config.txt.tmp > /dev/null
echo "gpu_mem=16" | sudo tee -a /tmp/eos-mnt/config.txt.tmp > /dev/null
sudo mv /tmp/eos-mnt/config.txt.tmp /tmp/eos-mnt/config.txt
sudo touch /tmp/eos-mnt/ssh
sudo umount /tmp/eos-mnt
sudo mount `partition_for ${OUTPUT_DEVICE} 2` /tmp/eos-mnt
sudo mkdir /tmp/eos-mnt/media/embassy/
sudo make install ARCH=aarch64 DESTDIR=/tmp/eos-mnt
sudo sed -i 's/raspberrypi/embassy/g' /tmp/eos-mnt/etc/hostname
sudo sed -i 's/raspberrypi/embassy/g' /tmp/eos-mnt/etc/hosts
sudo cp cargo-deps/aarch64-unknown-linux-gnu/release/nc-broadcast /tmp/eos-mnt/usr/local/bin
sudo cp backend/*.service /tmp/eos-mnt/etc/systemd/system/
sudo mkdir -p /tmp/eos-mnt/etc/embassy
sudo cp build/raspberry-pi/config.yaml /tmp/eos-mnt/etc/embassy/config.yaml
# Make the .ssh directory for UID 1000 user
sudo mkdir -p /tmp/eos-mnt/home/$(awk -v val=1000 -F ":" '$3==val{print $1}' /tmp/eos-mnt/etc/passwd)/.ssh
sudo mv /tmp/eos-mnt/etc/sudoers.d/010_pi-nopasswd /tmp/eos-mnt/etc/sudoers.d/010_start9-nopasswd
sudo sed -i 's/pi/start9/g' /tmp/eos-mnt/etc/sudoers.d/010_start9-nopasswd
sudo sed -i 's/ pi / start9 /g' /tmp/eos-mnt/etc/systemd/system/autologin@.service
if [[ "$ENVIRONMENT" =~ (^|-)dev($|-) ]]; then
cat ./build/raspberry-pi/initialization.sh | grep -v "passwd -l start9" | sudo tee /tmp/eos-mnt/usr/local/bin/initialization.sh > /dev/null
sudo chmod +x /tmp/eos-mnt/usr/local/bin/initialization.sh
else
sudo cp ./build/raspberry-pi/initialization.sh /tmp/eos-mnt/usr/local/bin
fi
sudo cp ./build/raspberry-pi/init-with-sound.sh /tmp/eos-mnt/usr/local/bin
sudo cp ./build/raspberry-pi/initialization.service /tmp/eos-mnt/etc/systemd/system/initialization.service
sudo ln -s /etc/systemd/system/initialization.service /tmp/eos-mnt/etc/systemd/system/multi-user.target.wants/initialization.service
sudo cp ./build/raspberry-pi/nc-broadcast.service /tmp/eos-mnt/etc/systemd/system/nc-broadcast.service
sudo ln -s /etc/systemd/system/nc-broadcast.service /tmp/eos-mnt/etc/systemd/system/multi-user.target.wants/nc-broadcast.service
sudo umount /tmp/eos-mnt

105
build/write-image.sh
View File

@@ -1,105 +0,0 @@
#!/bin/bash
set -e
function partition_for () {
if [[ "$1" =~ [0-9]+$ ]]; then
echo "$1p$2"
else
echo "$1$2"
fi
}
# Write contents of LOOPDEV (Ubuntu image) to sd card and make filesystems, then detach the loop device
echo USING $LOOPDEV TO IMAGE $OUTPUT_DEVICE WITH ENVIRONMENT $ENVIRONMENT
sudo dd if=${LOOPDEV}p1 of=`partition_for ${OUTPUT_DEVICE} 1` bs=1M iflag=fullblock oflag=direct conv=fsync status=progress
sudo mkfs.vfat -F 32 `partition_for ${OUTPUT_DEVICE} 2`
sudo dd if=${LOOPDEV}p2 of=`partition_for ${OUTPUT_DEVICE} 3` bs=1M iflag=fullblock oflag=direct conv=fsync status=progress
sudo mkfs.ext4 `partition_for ${OUTPUT_DEVICE} 4`
sudo losetup -d $LOOPDEV
# Label the filesystems
sudo fatlabel `partition_for ${OUTPUT_DEVICE} 1` system-boot
sudo fatlabel `partition_for ${OUTPUT_DEVICE} 2` EMBASSY
sudo e2label `partition_for ${OUTPUT_DEVICE} 3` green
sudo e2label `partition_for ${OUTPUT_DEVICE} 4` blue
# Mount the boot partition and config
mkdir -p /tmp/eos-mnt
sudo mount `partition_for ${OUTPUT_DEVICE} 1` /tmp/eos-mnt
sudo sed -i 's/PARTUUID=cb15ae4d-02/PARTUUID=cb15ae4d-03/g' /tmp/eos-mnt/cmdline.txt
sudo sed -i 's/ init=\/usr\/lib\/raspi-config\/init_resize.sh//g' /tmp/eos-mnt/cmdline.txt
cat /tmp/eos-mnt/config.txt | grep -v "dtoverlay=" | sudo tee /tmp/eos-mnt/config.txt.tmp > /dev/null
echo "dtoverlay=pwm-2chan,disable-bt" | sudo tee -a /tmp/eos-mnt/config.txt.tmp > /dev/null
echo "gpu_mem=16" | sudo tee -a /tmp/eos-mnt/config.txt.tmp > /dev/null
sudo mv /tmp/eos-mnt/config.txt.tmp /tmp/eos-mnt/config.txt
sudo touch /tmp/eos-mnt/ssh
sudo umount /tmp/eos-mnt
sudo mount `partition_for ${OUTPUT_DEVICE} 3` /tmp/eos-mnt
sudo mkdir /tmp/eos-mnt/media/boot-rw
sudo mkdir /tmp/eos-mnt/embassy-os
sudo mkdir /tmp/eos-mnt/etc/embassy
sudo cp ENVIRONMENT.txt /tmp/eos-mnt/etc/embassy
sudo cp GIT_HASH.txt /tmp/eos-mnt/etc/embassy
sudo cp build/fstab /tmp/eos-mnt/etc/fstab
sudo cp build/journald.conf /tmp/eos-mnt/etc/systemd/journald.conf
sudo sed -i 's/raspberrypi/embassy/g' /tmp/eos-mnt/etc/hostname
sudo sed -i 's/raspberrypi/embassy/g' /tmp/eos-mnt/etc/hosts
# copy over cargo dependencies
sudo cp cargo-deps/aarch64-unknown-linux-gnu/release/nc-broadcast /tmp/eos-mnt/usr/local/bin
# Enter the backend directory, copy over the built embassyOS binaries and systemd services, edit the nginx config, then create the .ssh directory
cd backend/
sudo cp target/aarch64-unknown-linux-gnu/release/embassy-init /tmp/eos-mnt/usr/local/bin
sudo cp target/aarch64-unknown-linux-gnu/release/embassyd /tmp/eos-mnt/usr/local/bin
sudo cp target/aarch64-unknown-linux-gnu/release/embassy-cli /tmp/eos-mnt/usr/local/bin
sudo cp target/aarch64-unknown-linux-gnu/release/avahi-alias /tmp/eos-mnt/usr/local/bin
sudo cp *.service /tmp/eos-mnt/etc/systemd/system/
cd ..
# Copy system images
sudo mkdir -p /tmp/eos-mnt/var/lib/embassy/system-images
sudo cp system-images/**/*.tar /tmp/eos-mnt/var/lib/embassy/system-images
# after performing npm run build
sudo mkdir -p /tmp/eos-mnt/var/www/html
sudo cp -R frontend/dist/diagnostic-ui /tmp/eos-mnt/var/www/html/diagnostic
sudo cp -R frontend/dist/setup-wizard /tmp/eos-mnt/var/www/html/setup
sudo cp -R frontend/dist/ui /tmp/eos-mnt/var/www/html/main
sudo cp index.html /tmp/eos-mnt/var/www/html/index.html
# Make the .ssh directory for UID 1000 user
sudo mkdir -p /tmp/eos-mnt/home/$(awk -v val=1000 -F ":" '$3==val{print $1}' /tmp/eos-mnt/etc/passwd)/.ssh
sudo mv /tmp/eos-mnt/etc/sudoers.d/010_pi-nopasswd /tmp/eos-mnt/etc/sudoers.d/010_start9-nopasswd
sudo sed -i 's/pi/start9/g' /tmp/eos-mnt/etc/sudoers.d/010_start9-nopasswd
sudo sed -i 's/ pi / start9 /g' /tmp/eos-mnt/etc/systemd/system/autologin@.service
# Custom MOTD
sudo rm /tmp/eos-mnt/etc/motd
sudo cp ./build/00-embassy /tmp/eos-mnt/etc/update-motd.d
sudo chmod -x /tmp/eos-mnt/etc/update-motd.d/*
sudo chmod +x /tmp/eos-mnt/etc/update-motd.d/00-embassy
if [[ "$ENVIRONMENT" =~ (^|-)dev($|-) ]]; then
cat ./build/initialization.sh | grep -v "passwd -l start9" | sudo tee /tmp/eos-mnt/usr/local/bin/initialization.sh > /dev/null
sudo chmod +x /tmp/eos-mnt/usr/local/bin/initialization.sh
else
sudo cp ./build/initialization.sh /tmp/eos-mnt/usr/local/bin
fi
sudo cp ./build/init-with-sound.sh /tmp/eos-mnt/usr/local/bin
sudo cp ./build/initialization.service /tmp/eos-mnt/etc/systemd/system/initialization.service
sudo ln -s /etc/systemd/system/initialization.service /tmp/eos-mnt/etc/systemd/system/multi-user.target.wants/initialization.service
sudo cp ./build/nc-broadcast.service /tmp/eos-mnt/etc/systemd/system/nc-broadcast.service
sudo ln -s /etc/systemd/system/nc-broadcast.service /tmp/eos-mnt/etc/systemd/system/multi-user.target.wants/nc-broadcast.service
sudo umount /tmp/eos-mnt