switch base os to raspberry pi os

minor fixes

more robust

.gitignore

@@ -2,6 +2,8 @@
 .idea
 /*.img
 /*.img.gz
-/ubuntu.img.xz
+/*.img.xz
+/*-raspios-bullseye-arm64-lite.img
+/*-raspios-bullseye-arm64-lite.zip
 /product_key.txt
 .vscode/settings.json

Makefile

@@ -1,6 +1,6 @@
 EMBASSY_BINS := backend/target/aarch64-unknown-linux-gnu/release/embassyd backend/target/aarch64-unknown-linux-gnu/release/embassy-init backend/target/aarch64-unknown-linux-gnu/release/embassy-cli backend/target/aarch64-unknown-linux-gnu/release/embassy-sdk
 EMBASSY_UIS := frontend/dist/ui frontend/dist/setup-wizard frontend/dist/diagnostic-ui
-EMBASSY_SRC := ubuntu.img product_key.txt $(EMBASSY_BINS) backend/embassyd.service backend/embassy-init.service $(EMBASSY_UIS) $(shell find build)
+EMBASSY_SRC := raspios.img product_key.txt $(EMBASSY_BINS) backend/embassyd.service backend/embassy-init.service $(EMBASSY_UIS) $(shell find build)
 COMPAT_SRC := $(shell find system-images/compat/src)
 UTILS_SRC := $(shell find system-images/utils/Dockerfile)
 BACKEND_SRC := $(shell find backend/src) $(shell find patch-db/*/src) $(shell find rpc-toolkit/*/src) backend/Cargo.toml backend/Cargo.lock
@@ -38,9 +38,10 @@ system-images/compat/compat.tar: $(COMPAT_SRC)
 system-images/utils/utils.tar: $(UTILS_SRC)
 	cd system-images/utils && DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --tag start9/x_system/utils --platform=linux/arm64 -o type=docker,dest=utils.tar .
 
-ubuntu.img:
-	wget -O ubuntu.img.xz https://cdimage.ubuntu.com/releases/21.10/release/ubuntu-21.10-preinstalled-server-arm64+raspi.img.xz
-	unxz ubuntu.img.xz
+raspios.img:
+	wget https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2022-01-28/2022-01-28-raspios-bullseye-arm64-lite.zip
+	unzip 2022-01-28-raspios-bullseye-arm64-lite.zip
+	mv 2022-01-28-raspios-bullseye-arm64-lite.img raspios.img
 
 product_key.txt:
 	$(shell which echo) -n "X" > product_key.txt
@@ -69,4 +70,4 @@ patch-db/client/dist: $(PATCH_DB_CLIENT_SRC) patch-db/client/node_modules
 	npm --prefix patch-db/client run build
 
 # this is a convenience step to build all frontends - it is not referenced elsewhere in this file
-frontend: frontend/node_modules $(EMBASSY_UIS) 
+frontend: frontend/node_modules $(EMBASSY_UIS) 

backend/src/init.rs

@@ -57,7 +57,7 @@ pub async fn init(cfg: &RpcContextConfig, product_key: &str) -> Result<(), Error
         .await?;
     tracing::info!("Mounted Docker Data");
 
-    if should_rebuild {
+    if should_rebuild || !tmp_docker_exists {
         tracing::info!("Loading System Docker Images");
         crate::install::load_images("/var/lib/embassy/system-images").await?;
         tracing::info!("Loaded System Docker Images");

backend/src/update/mod.rs

@@ -104,6 +104,12 @@ impl WritableDrives {
             Self::Blue => "/dev/mmcblk0p4",
         })
     }
+    fn part_uuid(&self) -> &'static str {
+        match self {
+            Self::Green => "cb15ae4d-03",
+            Self::Blue => "cb15ae4d-04",
+        }
+    }
     fn as_fs(&self) -> impl FileSystem {
         BlockDev::new(self.block_dev())
     }
@@ -391,17 +397,22 @@ async fn swap_boot_label(new_label: NewLabel) -> Result<(), Error> {
         .invoke(crate::ErrorKind::BlockDevice)
         .await?;
     let mounted = TmpMountGuard::mount(&new_label.0.as_fs()).await?;
-    let sedcmd = format!("s/LABEL=\\(blue\\|green\\)/LABEL={}/g", new_label.0.label());
     Command::new("sed")
         .arg("-i")
-        .arg(&sedcmd)
+        .arg(&format!(
+            "s/LABEL=\\(blue\\|green\\)/LABEL={}/g",
+            new_label.0.label()
+        ))
         .arg(mounted.as_ref().join("etc/fstab"))
         .output()
         .await?;
     mounted.unmount().await?;
     Command::new("sed")
         .arg("-i")
-        .arg(&sedcmd)
+        .arg(&format!(
+            "s/PARTUUID=cb15ae4d-\\(03\\|04\\)/PARTUUID={}/g",
+            new_label.0.part_uuid()
+        ))
         .arg(Path::new(BOOT_RW_PATH).join("cmdline.txt"))
         .output()
         .await?;

build/fstab

@@ -1,4 +1,4 @@
 LABEL=green	/	ext4	discard,errors=remount-ro	0	1
 LABEL=system-boot	/media/boot-rw	vfat	defaults	0	1
-/media/boot-rw	/boot/firmware	none	defaults,bind,ro	0	0
+/media/boot-rw	/boot	none	defaults,bind,ro	0	0
 LABEL=EMBASSY	/embassy-os	vfat	defaults	0	1

build/initialization.service

@@ -1,8 +1,11 @@
 [Unit]
 Description=Boot process for system initialization.
+After=network-online.target systemd-time-wait-sync.service
 
 [Service]
 Type=oneshot
+Restart=on-failure
+RestartSec=5s
 ExecStart=/usr/local/bin/initialization.sh
 RemainAfterExit=true
 

build/initialization.sh

@@ -4,14 +4,12 @@
 set -e
 
 ! test -f /etc/docker/daemon.json || rm /etc/docker/daemon.json
-mount -o remount,rw /boot/firmware
+mount -o remount,rw /boot
+
+curl -fsSL https://get.docker.com | sh # TODO: commit this script into git instead of live fetching it
 
 apt-get update
-apt-get purge -y \
-	bluez \
-	unattended-upgrades
 apt-get install -y \
-	docker.io \
 	tor \
 	nginx \
 	libavahi-client3 \
@@ -19,6 +17,8 @@ apt-get install -y \
 	avahi-utils \
 	iotop \
 	bmon \
+	lvm2 \
+	cryptsetup \
 	exfat-utils \
 	sqlite3 \
 	wireless-tools \
@@ -27,13 +27,9 @@ apt-get install -y \
 	cifs-utils \
 	samba-common-bin \
 	ntp \
-	network-manager \
-	linux-modules-extra-raspi
+	network-manager
 apt-get autoremove -y
 apt-get upgrade -y
-if [[ "$(uname -r)" = "5.13.0-1008-raspi" ]]; then
-	reboot
-fi
 
 sed -i 's/Restart=on-failure/Restart=always/g' /lib/systemd/system/tor@default.service
 sed -i '/}/i \ \ \ \ application\/wasm \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ wasm;' /etc/nginx/mime.types
@@ -62,9 +58,10 @@ ControlPort 9051
 CookieAuthentication 1
 EOF
 
-echo 'overlayroot="tmpfs":swap=1,recurse=0' > /etc/overlayroot.local.conf
+raspi-config nonint enable_overlayfs
 systemctl disable initialization.service
 sudo systemctl restart NetworkManager
 sync
 
-cloud-init clean --reboot
+# TODO: clean out ssh host keys
+reboot

build/make-image.sh

@@ -12,8 +12,13 @@ DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )"
 cd $DIR/..
 
 truncate --size=$[(31116287+1)*512] eos.img
-export OUTPUT_DEVICE=$(sudo losetup --show -fP eos.img)
-export LOOPDEV=$(sudo losetup --show -fP ubuntu.img)
+if [ -z "$OUTPUT_DEVICE" ]; then
+  export OUTPUT_DEVICE=$(sudo losetup --show -fP eos.img)
+  export DETACH_OUTPUT_DEVICE=1
+else
+  export DETACH_OUTPUT_DEVICE=0
+fi
+export LOOPDEV=$(sudo losetup --show -fP raspios.img)
 ./build/partitioning.sh
 ./build/write-image.sh
 sudo e2fsck -f ${OUTPUT_DEVICE}p3
@@ -23,4 +28,6 @@ BLOCK_COUNT=$(echo "$BLOCK_INFO" | grep "Block count:" | sed 's/Block count:\s\+
 BLOCK_SIZE=$(echo "$BLOCK_INFO" | grep "Block size:" | sed 's/Block size:\s\+//g')
 echo "YOUR GREEN FILESYSTEM is '$[$BLOCK_COUNT*$BLOCK_SIZE]' BYTES"
 echo "IF YOU ARE QUICK-FLASHING FROM MAC-OS, NOTE THIS NUMBER FOR LATER"
-sudo losetup -d $OUTPUT_DEVICE
+if [ "$DETACH_OUTPUT_DEVICE" -eq "1" ]; then
+  sudo losetup -d $OUTPUT_DEVICE
+fi

build/partitioning.sh

@@ -3,4 +3,4 @@
 set -e
 
 # Use fdisk to create DOS partition table with 4 primary partitions, set 1 as bootable, write, and quite
-(echo o; echo n; echo p; echo 1; echo 2048; echo 526335; echo t; echo c; echo n; echo p; echo 2; echo 526336; echo 1050623; echo t; echo 2; echo c; echo n; echo p; echo 3; echo 1050624; echo 16083455; echo n; echo p; echo 16083456; echo 31116287; echo a; echo 1; echo w) | sudo fdisk ${OUTPUT_DEVICE}
+(echo o; echo x; echo i; echo "0xcb15ae4d"; echo r; echo n; echo p; echo 1; echo 2048; echo 526335; echo t; echo c; echo n; echo p; echo 2; echo 526336; echo 1050623; echo t; echo 2; echo c; echo n; echo p; echo 3; echo 1050624; echo 16083455; echo n; echo p; echo 16083456; echo 31116287; echo a; echo 1; echo w) | sudo fdisk ${OUTPUT_DEVICE}

build/write-image.sh

@@ -27,7 +27,8 @@ else
 	sudo cp build/user-data /tmp/eos-mnt/user-data
 fi
 
-sudo sed -i 's/LABEL=writable/LABEL=green/g' /tmp/eos-mnt/cmdline.txt
+sudo sed -i 's/PARTUUID=cb15ae4d-02/PARTUUID=cb15ae4d-03/g' /tmp/eos-mnt/cmdline.txt
+sudo sed -i 's/ init=\/usr\/lib\/raspi-config\/init_resize.sh//g' /tmp/eos-mnt/cmdline.txt
 # create a copy of the cmdline *without* the quirk string, so that it can be easily amended
 sudo cp /tmp/eos-mnt/cmdline.txt /tmp/eos-mnt/cmdline.txt.orig
 sudo sed -i 's/^/usb-storage.quirks=152d:0562:u /g' /tmp/eos-mnt/cmdline.txt
@@ -35,6 +36,7 @@ sudo sed -i 's/^/usb-storage.quirks=152d:0562:u /g' /tmp/eos-mnt/cmdline.txt
 cat /tmp/eos-mnt/config.txt | grep -v "dtoverlay=" | sudo tee /tmp/eos-mnt/config.txt.tmp
 echo "dtoverlay=pwm-2chan,disable-bt" | sudo tee -a /tmp/eos-mnt/config.txt.tmp
 sudo mv /tmp/eos-mnt/config.txt.tmp /tmp/eos-mnt/config.txt
+sudo touch /tmp/eos-mnt/ssh
 
 # Unmount the boot partition and mount embassy partition
 sudo umount /tmp/eos-mnt
@@ -72,13 +74,13 @@ sudo cp -R frontend/dist/ui /tmp/eos-mnt/var/www/html/main
 sudo mkdir -p /tmp/eos-mnt/root/.ssh
 
 # Custom MOTD
-sudo sed -i 's/ENABLED=1/ENABLED=0/g' /tmp/eos-mnt/etc/default/motd-news
-sudo rm /tmp/eos-mnt/etc/update-motd.d/50-landscape-sysinfo
-sudo cp ./build/00-embassy /tmp/eos-mnt/etc/update-motd.d
-sudo chmod -x /tmp/eos-mnt/etc/update-motd.d/*
-sudo chmod +x /tmp/eos-mnt/etc/update-motd.d/00-embassy
-sudo chmod +x /tmp/eos-mnt/etc/update-motd.d/90-updates-available
-sudo chmod +x /tmp/eos-mnt/etc/update-motd.d/95-hwe-eol
+#sudo sed -i 's/ENABLED=1/ENABLED=0/g' /tmp/eos-mnt/etc/default/motd-news
+#sudo rm /tmp/eos-mnt/etc/update-motd.d/50-landscape-sysinfo
+#sudo cp ./build/00-embassy /tmp/eos-mnt/etc/update-motd.d
+#sudo chmod -x /tmp/eos-mnt/etc/update-motd.d/*
+#sudo chmod +x /tmp/eos-mnt/etc/update-motd.d/00-embassy
+#sudo chmod +x /tmp/eos-mnt/etc/update-motd.d/90-updates-available
+#sudo chmod +x /tmp/eos-mnt/etc/update-motd.d/95-hwe-eol
 
 sudo cp ./build/initialization.sh /tmp/eos-mnt/usr/local/bin