From 19bc500bf13a255c26950c8167448afa22730c29 Mon Sep 17 00:00:00 2001 From: hibby Date: Wed, 4 Sep 2024 12:58:48 +0100 Subject: [PATCH] Hibbian image spec for pi4 added --- .gitignore | 4 + .../trusted.gpg.d/hibbian-archive-keyring.gpg | Bin 0 -> 1183 bytes etc/apt/trusted.gpg.d/htop | Bin 0 -> 1183 bytes raspi_4_hibbian.yaml | 199 ++++++++++++++++++ 4 files changed, 203 insertions(+) create mode 100644 etc/apt/trusted.gpg.d/hibbian-archive-keyring.gpg create mode 100644 etc/apt/trusted.gpg.d/htop create mode 100644 raspi_4_hibbian.yaml diff --git a/.gitignore b/.gitignore index 8beb53c..24499d4 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,7 @@ raspi_1_trixie.yaml raspi_2_trixie.yaml raspi_3_trixie.yaml raspi_4_trixie.yaml +*.log +*.img.xz +*.img.gz +*.img diff --git a/etc/apt/trusted.gpg.d/hibbian-archive-keyring.gpg b/etc/apt/trusted.gpg.d/hibbian-archive-keyring.gpg new file mode 100644 index 0000000000000000000000000000000000000000..55b44ed2525b070c2c2bb7f22b35d76619a85778 GIT binary patch literal 1183 zcmV;Q1YrA_0u2Oaz_-K!5CHBJRf=$lA<9w|#bAa7)%N%w(A2MTTx?gmrgyWxgkay)T`P<%QZBA-c5)9h9qMN)%4>2>?_tZFDi6lEmM2*w0Z! zgjrKga&PNl!cdBMNk4iA!2%-7l>5V#31Z^qI&_A4nn$`z@IeT}Dd7&;Ry4dJ z`7Sf13A9MTImUU)(OB$kU^hS;E^?Ys+(29y_zAM%5L)>(MGluW%FKtvO^J=SJ4+la zsVG9!Z9kwdsSA%0xu~~GOg2X|r5&X0y>DWmzmRVlzX`S%scZC)yRNy4F>QVwu|@~P5rJ-8^D@pc{_r) zguZ(hWDNK~(Gmt9FJirB%gvjlDnao{Nq`zuJ3{lyOVBm%p$F3sC9bdc%&}2KZJ+4k z9r4FUXh(YmCw%}B0RRECJZ))iX)R)PX>4RHbKy6`ocV%pBE@)|DVrgM+E^l&YK8XTO1QP)Y05}#Q1fl>-km+=CO{CQ&v0GGb zRnrY976k%kz_-K#8!rV52?z%Q1{Dek2nzxP76JnS0v-VZ7k~f?2@qRUZdKC_C>Grb z5CEs}G8~V3TCdbI;MsrK1WF0ckNmm*GEgo{U8ZaVj95=PzIxDV9i4NI+>X8UfRUAG zkz`iQiE@Td;U~02r+$?~lD)97CozzI{k}8$Oz4}sNhXCysiy`4i#R*k6B8dQY*VE9nPpB5q|gvKi&GK$a)+l+0uMSpOL zG1**%_~SxEW9KlcK){~R+vp}v<_<4hXmJT@VjguMj3k&^6Lo_D`X~@Xd5>;hC+8Sy zmQ|}%%>Cqt(y(cD@;5Dn4*K?3Yo7@EaMqug>j`MJS26Z3ht94{P~<~H-~t>v+0^VT zW(@WSykwhM0AQig55Esvg`u^}GaYomk)Jd*(`z(B1O2Ju>tm?INcTT;#n>caAJ9yp z9|>6sOPLY$ZlF{!(CJ^hLuo!KoBRhEcYZzIbSnGR86l;B=G4OKhXnAvr$Mt%r@VaT zGG*KBE>fct%+*aJYCy|Ug%6crZg@&})AtkW7yRR(EPc*ANp0)R96xUrKAo3;?3F}$ z^bqNhyOIb!LwB3O>$tIf)3&Aq(7=U=fjjiqUKr$+wxN-*>`-*+K xxFnrhL}hs8M;O-$C9S*va@YS>BE5vV_QV90>pb literal 0 HcmV?d00001 diff --git a/etc/apt/trusted.gpg.d/htop b/etc/apt/trusted.gpg.d/htop new file mode 100644 index 0000000000000000000000000000000000000000..55b44ed2525b070c2c2bb7f22b35d76619a85778 GIT binary patch literal 1183 zcmV;Q1YrA_0u2Oaz_-K!5CHBJRf=$lA<9w|#bAa7)%N%w(A2MTTx?gmrgyWxgkay)T`P<%QZBA-c5)9h9qMN)%4>2>?_tZFDi6lEmM2*w0Z! zgjrKga&PNl!cdBMNk4iA!2%-7l>5V#31Z^qI&_A4nn$`z@IeT}Dd7&;Ry4dJ z`7Sf13A9MTImUU)(OB$kU^hS;E^?Ys+(29y_zAM%5L)>(MGluW%FKtvO^J=SJ4+la zsVG9!Z9kwdsSA%0xu~~GOg2X|r5&X0y>DWmzmRVlzX`S%scZC)yRNy4F>QVwu|@~P5rJ-8^D@pc{_r) zguZ(hWDNK~(Gmt9FJirB%gvjlDnao{Nq`zuJ3{lyOVBm%p$F3sC9bdc%&}2KZJ+4k z9r4FUXh(YmCw%}B0RRECJZ))iX)R)PX>4RHbKy6`ocV%pBE@)|DVrgM+E^l&YK8XTO1QP)Y05}#Q1fl>-km+=CO{CQ&v0GGb zRnrY976k%kz_-K#8!rV52?z%Q1{Dek2nzxP76JnS0v-VZ7k~f?2@qRUZdKC_C>Grb z5CEs}G8~V3TCdbI;MsrK1WF0ckNmm*GEgo{U8ZaVj95=PzIxDV9i4NI+>X8UfRUAG zkz`iQiE@Td;U~02r+$?~lD)97CozzI{k}8$Oz4}sNhXCysiy`4i#R*k6B8dQY*VE9nPpB5q|gvKi&GK$a)+l+0uMSpOL zG1**%_~SxEW9KlcK){~R+vp}v<_<4hXmJT@VjguMj3k&^6Lo_D`X~@Xd5>;hC+8Sy zmQ|}%%>Cqt(y(cD@;5Dn4*K?3Yo7@EaMqug>j`MJS26Z3ht94{P~<~H-~t>v+0^VT zW(@WSykwhM0AQig55Esvg`u^}GaYomk)Jd*(`z(B1O2Ju>tm?INcTT;#n>caAJ9yp z9|>6sOPLY$ZlF{!(CJ^hLuo!KoBRhEcYZzIbSnGR86l;B=G4OKhXnAvr$Mt%r@VaT zGG*KBE>fct%+*aJYCy|Ug%6crZg@&})AtkW7yRR(EPc*ANp0)R96xUrKAo3;?3F}$ z^bqNhyOIb!LwB3O>$tIf)3&Aq(7=U=fjjiqUKr$+wxN-*>`-*+K xxFnrhL}hs8M;O-$C9S*va@YS>BE5vV_QV90>pb literal 0 HcmV?d00001 diff --git a/raspi_4_hibbian.yaml b/raspi_4_hibbian.yaml new file mode 100644 index 0000000..be3ee5a --- /dev/null +++ b/raspi_4_hibbian.yaml @@ -0,0 +1,199 @@ +--- +# See https://wiki.debian.org/RaspberryPi3 for known issues and more details. +# image.yml based on revision: ff7fdbf (Switch from qemu-debootstrap to debootstrap., 2024-01-01) + +steps: + - mkimg: "{{ output }}" + size: 2500M + + - mklabel: msdos + device: "{{ output }}" + + - mkpart: primary + fs-type: 'fat32' + device: "{{ output }}" + start: 4MiB + end: 512MiB + tag: tag-firmware + + - mkpart: primary + device: "{{ output }}" + start: 512MiB + end: 100% + tag: tag-root + + - kpartx: "{{ output }}" + + - mkfs: vfat + partition: tag-firmware + label: RASPIFIRM + + - mkfs: ext4 + partition: tag-root + label: RASPIROOT + + - mount: tag-root + + - mount: tag-firmware + mount-on: tag-root + dirname: '/boot/firmware' + + - unpack-rootfs: tag-root + + - debootstrap: bookworm + require_empty_target: false + mirror: http://deb.debian.org/debian + target: tag-root + arch: arm64 + components: + - main + - non-free-firmware + - non-free + unless: rootfs_unpacked + + - create-file: /etc/apt/sources.list + contents: |+ + deb http://deb.debian.org/debian bookworm main non-free-firmware non-free + deb http://deb.debian.org/debian bookworm-updates main non-free-firmware non-free + deb http://security.debian.org/debian-security bookworm-security main non-free-firmware non-free + # Backports are _not_ enabled by default. + # Enable them by uncommenting the following line: + deb http://deb.debian.org/debian bookworm-backports main non-free-firmware + + - create-file: /etc/apt/preferences.d/hibbian.pref + contents: |+ + Package: * + Pin: release o=Hibbian + Pin-Priority: 600 + + - create-file: /etc/apt/preferences.d/hibbian.pref + contents: |+ + Package: linux-image + Pin: release o=Debian Backports + Pin-Priority: 500 + + - create-file: /etc/apt/sources.list.d/hibbian.list + contents: |+ + deb http://repo.hibbian.org/hibbian bookworm-hibbian-unstable main non-free-firmware non-free + + - copy-file: /etc/apt/trusted.gpg.d/hibbian-archive-keyring.gpg + src: etc/apt/trusted.gpg.d/hibbian-archive-keyring.gpg + perm: 0755 + + - copy-file: /etc/initramfs-tools/hooks/rpi-resizerootfs + src: rootfs/etc/initramfs-tools/hooks/rpi-resizerootfs + perm: 0755 + unless: rootfs_unpacked + + - copy-file: /etc/initramfs-tools/scripts/local-bottom/rpi-resizerootfs + src: rootfs/etc/initramfs-tools/scripts/local-bottom/rpi-resizerootfs + perm: 0755 + unless: rootfs_unpacked + + - apt: install + packages: + - ca-certificates + - dosfstools + - iw + - parted + - openssh-server + - network-manager + - systemd-timesyncd + - linux-image-arm64 + - raspi-firmware + - firmware-brcm80211 + - bluez-firmware + - base-files + - linbpq + - sudo + - vim-nox + - net-tools + tag: tag-root + + - cache-rootfs: tag-root + unless: rootfs_unpacked + + - shell: | + echo "hibbian-$(date +%Y%m%d)" > "${ROOT?}/etc/hostname" + + # Allow root logins locally with no password + sed -i 's,root:[^:]*:,root::,' "${ROOT?}/etc/shadow" + + install -m 644 -o root -g root rootfs/etc/fstab "${ROOT?}/etc/fstab" + + install -m 644 -o root -g root rootfs/etc/network/interfaces.d/eth0 "${ROOT?}/etc/network/interfaces.d/eth0" + install -m 600 -o root -g root rootfs/etc/network/interfaces.d/wlan0 "${ROOT?}/etc/network/interfaces.d/wlan0" + + install -m 755 -o root -g root rootfs/usr/local/sbin/rpi-set-sysconf "${ROOT?}/usr/local/sbin/rpi-set-sysconf" + install -m 644 -o root -g root rootfs/etc/systemd/system/rpi-set-sysconf.service "${ROOT?}/etc/systemd/system/" + install -m 644 -o root -g root rootfs/boot/firmware/sysconf.txt "${ROOT?}/boot/firmware/sysconf.txt" + mkdir -p "${ROOT?}/etc/systemd/system/basic.target.requires/" + ln -s /etc/systemd/system/rpi-set-sysconf.service "${ROOT?}/etc/systemd/system/basic.target.requires/rpi-set-sysconf.service" + + # Resize script is now in the initrd for first boot; no need to ship it. + rm -f "${ROOT?}/etc/initramfs-tools/hooks/rpi-resizerootfs" + rm -f "${ROOT?}/etc/initramfs-tools/scripts/local-bottom/rpi-resizerootfs" + + install -m 644 -o root -g root rootfs/etc/systemd/system/rpi-reconfigure-raspi-firmware.service "${ROOT?}/etc/systemd/system/" + mkdir -p "${ROOT?}/etc/systemd/system/multi-user.target.requires/" + ln -s /etc/systemd/system/rpi-reconfigure-raspi-firmware.service "${ROOT?}/etc/systemd/system/multi-user.target.requires/rpi-reconfigure-raspi-firmware.service" + + install -m 644 -o root -g root rootfs/etc/systemd/system/rpi-generate-ssh-host-keys.service "${ROOT?}/etc/systemd/system/" + ln -s /etc/systemd/system/rpi-generate-ssh-host-keys.service "${ROOT?}/etc/systemd/system/multi-user.target.requires/rpi-generate-ssh-host-keys.service" + rm -f "${ROOT?}"/etc/ssh/ssh_host_*_key* + + root-fs: tag-root + + # Copy the relevant device tree files to the boot partition + - chroot: tag-root + shell: | + install -m 644 -o root -g root /usr/lib/linux-image-*-arm64/broadcom/bcm*rpi*.dtb /boot/firmware/ + + # Clean up archive cache (likely not useful) and lists (likely outdated) to + # reduce image size by several hundred megabytes. + - chroot: tag-root + shell: | + apt-get clean + rm -rf /var/lib/apt/lists + + # Modify the kernel commandline we take from the firmware to boot from + # the partition labeled raspiroot instead of forcing it to mmcblk0p2. + # Also insert the serial console right before the root= parameter. + # + # These changes will be overwritten after the hardware is probed + # after dpkg reconfigures raspi-firmware (upon first boot), so make + # sure we don't lose label-based booting. + - chroot: tag-root + shell: | + sed -i 's/root=/console=ttyS1,115200 root=/' /boot/firmware/cmdline.txt + sed -i 's#root=/dev/mmcblk0p2#root=LABEL=RASPIROOT#' /boot/firmware/cmdline.txt + sed -i 's/^#ROOTPART=.*/ROOTPART=LABEL=RASPIROOT/' /etc/default/raspi*-firmware + + sed -i 's/cma=64M //' /boot/firmware/cmdline.txt + + # TODO(https://github.com/larswirzenius/vmdb2/issues/24): remove once vmdb + # clears /etc/resolv.conf on its own. + - shell: | + rm "${ROOT?}/etc/resolv.conf" + root-fs: tag-root + + # Clear /etc/machine-id and /var/lib/dbus/machine-id, as both should + # be auto-generated upon first boot. From the manpage + # (machine-id(5)): + # + # For normal operating system installations, where a custom image is + # created for a specific machine, /etc/machine-id should be + # populated during installation. + # + # Note this will also trigger ConditionFirstBoot=yes for systemd. + # On Buster, /etc/machine-id should be an emtpy file, not an absent file + # On Bullseye, /etc/machine-id should not exist in an image + - chroot: tag-root + shell: | + rm -f /etc/machine-id /var/lib/dbus/machine-id + echo "uninitialized" > /etc/machine-id + + # Create /etc/raspi-image-id to know, from what commit the image was built + - chroot: tag-root + shell: | + echo "image based on revision: ff7fdbf (Switch from qemu-debootstrap to debootstrap., 2024-01-01) and built in 2024 with love from Hibby" > "/etc/raspi-image-id"