#!/bin/sh # Build Debian root filesystem OS="$1" # For example "debian" ARCH="$2" # For example "armhf" DIST="$3" # For example "buster" set -ex case "${OS}-${ARCH}" in debian-armhf) KERNEL=linux-image-armmp URL=http://deb.debian.org/debian KERNEL_URL=http://packages.debian.org/"${DIST}"/"${KERNEL}" SCRIPT=/usr/share/debootstrap/scripts/sid ;; debian-arm64) KERNEL=linux-image-arm64 URL=http://deb.debian.org/debian KERNEL_URL=http://packages.debian.org/"${DIST}"/"${KERNEL}" SCRIPT=/usr/share/debootstrap/scripts/sid ;; debian-i386) KERNEL=linux-image-686 URL=http://deb.debian.org/debian KERNEL_URL=http://packages.debian.org/"${DIST}"/"${KERNEL}" SCRIPT=/usr/share/debootstrap/scripts/sid ;; debian-amd64) KERNEL=linux-image-amd64 URL=http://deb.debian.org/debian KERNEL_URL=http://packages.debian.org/"${DIST}"/"${KERNEL}" SCRIPT=/usr/share/debootstrap/scripts/sid ;; ubuntu-amd64) KERNEL=linux-image-generic URL=http://archive.ubuntu.com/ubuntu KERNEL_URL=http://packages.ubuntu.com/"${DIST}"/"${KERNEL}" SCRIPT=/usr/share/debootstrap/scripts/gutsy ;; ubuntu-armhf|ubuntu-arm64) KERNEL=linux-image-generic URL=http://ports.ubuntu.com/ubuntu-ports KERNEL_URL=http://packages.ubuntu.com/"${DIST}"/"${KERNEL}" SCRIPT=/usr/share/debootstrap/scripts/gutsy ;; devuan-armhf) KERNEL=linux-image-armmp URL=http://deb.devuan.org/merged # 2024-05-01 pkginfo.devuan.org does not have info for armhf. KERNEL_URL=https://pkginfo.devuan.org/cgi-bin/policy-query.html?c=package&q=${KERNEL} SCRIPT=/usr/share/debootstrap/scripts/ceres ;; devuan-arm64) KERNEL=linux-image-arm64 URL=http://deb.devuan.org/merged KERNEL_URL=https://pkginfo.devuan.org/cgi-bin/policy-query.html?c=package&q=${KERNEL} SCRIPT=/usr/share/debootstrap/scripts/ceres ;; devuan-i386) KERNEL=linux-image-686 URL=http://deb.devuan.org/merged KERNEL_URL=https://pkginfo.devuan.org/cgi-bin/policy-query.html?c=package&q=${KERNEL} SCRIPT=/usr/share/debootstrap/scripts/ceres ;; devuan-amd64) KERNEL=linux-image-amd64 URL=http://deb.devuan.org/merged KERNEL_URL=https://pkginfo.devuan.org/cgi-bin/policy-query.html?c=package&q=${KERNEL} SCRIPT=/usr/share/debootstrap/scripts/ceres ;; *) echo "Can't decide kernel package for \"${ARCH}\"" exit 1 ;; esac case "${OS}-${ARCH}-${DIST}" in debian-*-rc-buggy|debian-*-experimental) TARGET=sid KERNELSUITE="-t experimental" ;; *) TARGET="${DIST}" KERNELSUITE="" ;; esac # Create fresh empty directory TMP=$(mktemp -d -p "${PWD}" tmp-XXXXXX) trap 'rm -rf "${TMP}"' EXIT INT TERM cd "${TMP}" # Build a Debian root filesystem (first stage) case ${OS} in debian | ubuntu) debootstrap \ --arch="${ARCH}" \ --verbose \ --variant=minbase \ --foreign \ --include=\ netbase,\ net-tools,\ systemd-sysv,\ u-boot-tools,\ initramfs-tools,\ openssh-server,\ nano \ "${TARGET}" \ debian \ "${URL}" \ "${SCRIPT}" ;; devuan) # Need Devuan's keys and Devuan's debootstrap. case ${DIST} in ceres | beowulf | chimaera | daedalus) # https://www.devuan.org/os/keyring # Ceres, Beowulf, Chimaera and Daedalus RELEASE_KEY="94532124541922FB" ;; excalibur) RELEASE_KEY="B3982868D104092C" ;; freia) RELEASE_KEY="55C470D57732684B" ;; *) echo "Can't decide release key for \"${DIST}\"" exit 1 ;; esac # Use Ubuntu's gpg to get Devuan's signing key. apt-get update && apt-get install -y gpg # Add Devuan's signing key. echo "Adding Devuan ${DIST} signing key (https://www.devuan.org/os/keyring):" ${RELEASE_KEY} gpg --keyserver keyring.devuan.org --recv-keys ${RELEASE_KEY} && \ gpg --export ${RELEASE_KEY} >/etc/apt/trusted.gpg.d/devuan_key.gpg # Get Devuan's debootstrap. echo "deb http://deb.devuan.org/merged ${DIST} main" > /etc/apt/sources.list.d/devuan.list apt-get update && apt-get --assume-yes \ --no-install-recommends \ install --force-yes -t ${DIST} debootstrap debootstrap \ --arch="${ARCH}" \ --verbose \ --variant=minbase \ --foreign \ --include=\ netbase,\ net-tools,\ sysvinit,\ u-boot-tools,\ initramfs-tools,\ openssh-server,\ nano,\ vim-tiny \ "${TARGET}" \ debian \ "${URL}" \ "${SCRIPT}" ;; esac # Randomly generated root password PASSWORD="${PASSWORD_OVERRIDE:-$(pwgen -B -A 6 1)}" # Write apt sources config case "${OS}-${ARCH}-${DIST}" in debian-*-rc-buggy|debian-*-experimental) tee debian/tmp/sources.list <<- EOF deb http://deb.debian.org/debian ${TARGET} main deb-src http://deb.debian.org/debian ${TARGET} main deb http://deb.debian.org/debian ${DIST} main deb-src http://deb.debian.org/debian ${DIST} main EOF ;; debian-*-sid|debian-*-unstable) tee debian/tmp/sources.list <<- EOF deb http://deb.debian.org/debian ${DIST} main deb-src http://deb.debian.org/debian ${DIST} main EOF ;; debian-*) tee debian/tmp/sources.list <<- EOF deb http://deb.debian.org/debian ${DIST} main deb-src http://deb.debian.org/debian ${DIST} main deb http://deb.debian.org/debian ${DIST}-updates main deb-src http://deb.debian.org/debian ${DIST}-updates main deb http://security.debian.org/debian-security ${DIST}-security main deb-src http://security.debian.org/debian-security ${DIST}-security main EOF ;; ubuntu-amd64-*) tee debian/tmp/sources.list <<- EOF deb http://archive.ubuntu.com/ubuntu ${DIST} main universe deb-src http://archive.ubuntu.com/ubuntu ${DIST} main universe deb http://archive.ubuntu.com/ubuntu ${DIST}-updates main universe deb-src http://archive.ubuntu.com/ubuntu ${DIST}-updates main universe deb http://archive.ubuntu.com/ubuntu ${DIST}-security main universe deb-src http://archive.ubuntu.com/ubuntu ${DIST}-security main universe EOF ;; ubuntu-*) tee debian/tmp/sources.list <<- EOF deb http://ports.ubuntu.com/ubuntu-ports ${DIST} main universe deb-src http://ports.ubuntu.com/ubuntu-ports ${DIST} main universe deb http://ports.ubuntu.com/ubuntu-ports ${DIST}-updates main universe deb-src http://ports.ubuntu.com/ubuntu-ports ${DIST}-updates main universe deb http://ports.ubuntu.com/ubuntu-ports ${DIST}-security main universe deb-src http://ports.ubuntu.com/ubuntu-ports ${DIST}-security main universe EOF ;; devuan-*-excalibur | devuan-*-testing) # https://pkginfo.devuan.org/sources.list.txt tee debian/tmp/sources.list <<-EOF deb http://deb.devuan.org/merged ${DIST} main deb-src http://deb.devuan.org/merged ${DIST} main EOF ;; devuan-*-ceres | devuan-*-unstable) # https://pkginfo.devuan.org/sources.list.txt tee debian/tmp/sources.list <<-EOF deb http://deb.devuan.org/merged ${DIST} main deb-src http://deb.devuan.org/merged ${DIST} main EOF ;; devuan-*) tee debian/tmp/sources.list <<-EOF deb http://deb.devuan.org/merged ${DIST} main deb-src http://deb.devuan.org/merged ${DIST} main deb http://deb.devuan.org/merged ${DIST}-updates main deb-src http://deb.devuan.org/merged ${DIST}-updates main deb http://deb.devuan.org/merged ${DIST}-security main deb-src http://deb.devuan.org/merged ${DIST}-security main EOF ;; esac case "${OS}-${ARCH}-${DIST}" in debian-*-rc-buggy|debian-*-experimental) # For Debian Experimental, set lower priority to "experimental" tee debian/tmp/priority-experimental <<- EOF Package: * Pin: release o=Debian,a=experimental Pin-Priority: 300 EOF ;; *) ;; esac cp -rv --preserve=mode ../2nd-stage-files/pre-2nd-stage-files/* debian cp -rv --preserve=mode ../2nd-stage-files/pre-2nd-stage-files-${ARCH}/* debian # Copy ARM emulation stuff cp -v /usr/bin/qemu-*-static debian/usr/bin || : # Build a Debian root filesystem (second stage) case "${OS}" in debian | ubuntu) # Build a Debian root filesystem (second stage) chroot debian /bin/sh -ex <<-EOF /debootstrap/debootstrap --second-stage /bin/mv /tmp/sources.list /etc/apt/sources.list /bin/mv /tmp/priority-experimental /etc/apt/preferences.d/priority-experimental || : /usr/bin/apt-get update /usr/bin/apt-get -y upgrade /usr/bin/apt-get -y --no-install-recommends "${KERNELSUITE}" install "${KERNEL}" /usr/bin/apt-get -y install systemd-timesyncd || : /usr/bin/apt-get -y install systemd-resolved || : /usr/bin/apt-get clean /bin/rm -rf /var/lib/apt/lists/* echo "kernel-url,${KERNEL_URL}\n" >> /tmp/versions.csv /usr/bin/dpkg-query --showformat='kernel,\${Version}\n' --show "${KERNEL}" >> /tmp/versions.csv /usr/bin/systemctl enable systemd-networkd.service /usr/bin/systemctl enable systemd-resolved.service /usr/bin/systemctl enable systemd-timesyncd.service /bin/rm -f /var/log/*.log /bin/echo "root:${PASSWORD}" | /usr/sbin/chpasswd /bin/sed -i "s/#*\s*PermitRootLogin .*/PermitRootLogin yes/" /etc/ssh/sshd_config EOF ;; devuan) # Build a Devuan root filesystem (second stage) chroot debian /bin/sh -ex <<-EOF /debootstrap/debootstrap --second-stage /bin/mv /tmp/sources.list /etc/apt/sources.list # /usr/bin/apt-key add /etc/apt/trusted.gpg.d/devuan_key.gpg /usr/bin/apt-get update /usr/bin/apt-get -y upgrade /usr/bin/apt-get -y --no-install-recommends "${KERNELSUITE}" install "${KERNEL}" /usr/bin/apt-get -y install connman || : /usr/bin/apt-get -y install openntpd || : /usr/bin/apt-get clean /bin/rm -rf /var/lib/apt/lists/* echo "kernel-url,${KERNEL_URL}\n" >> /tmp/versions.csv /usr/bin/dpkg-query --showformat='kernel,\${Version}\n' --show "${KERNEL}" > /tmp/versions.csv /bin/rm -f /var/log/*.log /bin/echo "root:${PASSWORD}" | /usr/sbin/chpasswd /bin/sed -i "s/#*\s*PermitRootLogin .*/PermitRootLogin yes/" /etc/ssh/sshd_config EOF ;; esac # Remove ARM emulation stuff again rm -v debian/usr/bin/qemu-*-static || : cp -rv --preserve=mode ../2nd-stage-files/post-2nd-stage-files/* debian # Set hostname echo "${OS}" > debian/etc/hostname # Set resolv.conf case "${OS}" in debian | ubuntu) ln -sf /run/systemd/resolve/stub-resolv.conf debian/etc/resolv.conf ;; devuan) ln -sf /run/connman/resolv.conf debian/etc/resolv.conf ;; esac # List all files find debian ! -type d -printf "/%P\n" | sort > files.txt mv debian/tmp/versions.csv versions.csv # Make a ext4 filesystem of this and put it into the image # >>> ((3800000000 - 32 * 1024 * 1024) // (1024 * 1024)) * (1024 * 1024) # 3765436416 rm -f ext4.img fallocate -l 3765436416 ext4.img mkfs.ext4 -d debian ext4.img pigz ext4.img mkdir -p "${ARTIFACTS_DIR:-/artifacts}" cp -v files.txt "${ARTIFACTS_DIR:-/artifacts}/${OS}-${DIST}-${ARCH}-${PASSWORD}.bin.gz.files.txt" cp -v versions.csv "${ARTIFACTS_DIR:-/artifacts}/${OS}-${DIST}-${ARCH}-${PASSWORD}.bin.gz.versions.csv" cp -v ext4.img.gz "${ARTIFACTS_DIR:-/artifacts}/${OS}-${DIST}-${ARCH}-${PASSWORD}.bin.gz"