sd-card-images/scripts/build-debian


#!/bin/sh
# Build a Debian, Ubuntu or Devuan root filesystem and pack it as an ext4 image.
#
# Usage: build-debian OS ARCH DIST
#   OS    distribution family, for example "debian"
#   ARCH  target architecture, for example "armhf"
#   DIST  suite/release name, for example "buster"
#
# Environment read further down in this script:
#   PASSWORD_OVERRIDE  root password to use instead of a generated one
#   ARTIFACTS_DIR      output directory (defaults to /artifacts)
#
# Note: tracing (-x) writes every expanded command to stderr. Later commands
# carry the root password in their arguments, so build logs should be treated
# as sensitive.
OS="${1}"
ARCH="${2}"
DIST="${3}"
# -e: stop at the first failing command; -x: trace commands as they run.
set -e -x
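# Select, per OS/architecture pair:
#   KERNEL      kernel meta-package installed during the second stage
#   URL         package mirror handed to debootstrap
#   KERNEL_URL  package-info page recorded in versions.csv
#   SCRIPT      debootstrap suite script to run
# Unsupported pairs abort the build.
#
# NOTE(review): every mirror URL is plain http, so package integrity rests on
# apt/debootstrap verifying the signed Release files -- confirm the matching
# archive keyring is available on the build host.
case "${OS}-${ARCH}" in
  debian-armhf)
    KERNEL=linux-image-armmp
    URL=http://deb.debian.org/debian
    KERNEL_URL=http://packages.debian.org/"${DIST}"/"${KERNEL}"
    SCRIPT=/usr/share/debootstrap/scripts/sid
    ;;
  debian-arm64)
    KERNEL=linux-image-arm64
    URL=http://deb.debian.org/debian
    KERNEL_URL=http://packages.debian.org/"${DIST}"/"${KERNEL}"
    SCRIPT=/usr/share/debootstrap/scripts/sid
    ;;
  debian-i386)
    KERNEL=linux-image-686
    URL=http://deb.debian.org/debian
    KERNEL_URL=http://packages.debian.org/"${DIST}"/"${KERNEL}"
    SCRIPT=/usr/share/debootstrap/scripts/sid
    ;;
  debian-amd64)
    KERNEL=linux-image-amd64
    URL=http://deb.debian.org/debian
    KERNEL_URL=http://packages.debian.org/"${DIST}"/"${KERNEL}"
    SCRIPT=/usr/share/debootstrap/scripts/sid
    ;;
  ubuntu-amd64)
    KERNEL=linux-image-generic
    URL=http://archive.ubuntu.com/ubuntu
    KERNEL_URL=http://packages.ubuntu.com/"${DIST}"/"${KERNEL}"
    SCRIPT=/usr/share/debootstrap/scripts/gutsy
    ;;
  ubuntu-armhf | ubuntu-arm64)
    KERNEL=linux-image-generic
    URL=http://ports.ubuntu.com/ubuntu-ports
    KERNEL_URL=http://packages.ubuntu.com/"${DIST}"/"${KERNEL}"
    SCRIPT=/usr/share/debootstrap/scripts/gutsy
    ;;
  devuan-armhf)
    KERNEL=linux-image-armmp
    URL=http://deb.devuan.org/merged
    # 2024-05-01 pkginfo.devuan.org does not have info for armhf.
    # The URL is quoted because an unquoted "&" terminates the command and
    # runs the assignment in the background, leaving KERNEL_URL unset in
    # this shell (and assigning a stray variable "q" instead).
    KERNEL_URL="https://pkginfo.devuan.org/cgi-bin/policy-query.html?c=package&q=${KERNEL}"
    SCRIPT=/usr/share/debootstrap/scripts/ceres
    ;;
  devuan-arm64)
    KERNEL=linux-image-arm64
    URL=http://deb.devuan.org/merged
    # Quoted for the same reason as in the armhf arm ("&" in the query).
    KERNEL_URL="https://pkginfo.devuan.org/cgi-bin/policy-query.html?c=package&q=${KERNEL}"
    SCRIPT=/usr/share/debootstrap/scripts/ceres
    ;;
  devuan-i386)
    KERNEL=linux-image-686
    URL=http://deb.devuan.org/merged
    # Quoted for the same reason as in the armhf arm ("&" in the query).
    KERNEL_URL="https://pkginfo.devuan.org/cgi-bin/policy-query.html?c=package&q=${KERNEL}"
    SCRIPT=/usr/share/debootstrap/scripts/ceres
    ;;
  devuan-amd64)
    KERNEL=linux-image-amd64
    URL=http://deb.devuan.org/merged
    # Quoted for the same reason as in the armhf arm ("&" in the query).
    KERNEL_URL="https://pkginfo.devuan.org/cgi-bin/policy-query.html?c=package&q=${KERNEL}"
    SCRIPT=/usr/share/debootstrap/scripts/ceres
    ;;
  *)
    # Diagnostics belong on stderr so they are not mixed into stdout.
    echo "Can't decide kernel package for \"${ARCH}\"" >&2
    exit 1
    ;;
esac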
# TARGET is the suite debootstrap installs; KERNELSUITE holds extra apt-get
# arguments used when the kernel package is installed in the second stage.
# By default the requested suite is bootstrapped as-is.
TARGET="${DIST}"
KERNELSUITE=""
case "${OS}-${ARCH}-${DIST}" in
  debian-*-rc-buggy | debian-*-experimental)
    # Debian experimental is bootstrapped from sid, and only the kernel is
    # taken from the experimental suite.
    TARGET=sid
    KERNELSUITE="-t experimental"
    ;;
esac
# Work inside a fresh, uniquely named directory below the current one and
# delete it again when the script exits or receives INT/TERM.
remove_build_dir() {
  rm -rf "${TMP}"
}
TMP=$(mktemp -d -p "${PWD}" tmp-XXXXXX)
trap remove_build_dir EXIT INT TERM
cd "${TMP}"
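# Build a Debian root filesystem (first stage)
# debootstrap is run with --foreign into ./debian; the second stage is run
# later from inside the chroot.
case "${OS}" in
  debian | ubuntu)
    debootstrap \
      --arch="${ARCH}" \
      --verbose \
      --variant=minbase \
      --foreign \
      --include=netbase,net-tools,systemd-sysv,u-boot-tools,initramfs-tools,openssh-server,nano \
      "${TARGET}" \
      debian \
      "${URL}" \
      "${SCRIPT}"
    ;;
  devuan)
    # Need Devuan's keys and Devuan's debootstrap.
    # NOTE(review): the values below are 64-bit long key IDs. Pinning the
    # full fingerprints published at https://www.devuan.org/os/keyring would
    # make the keyserver fetch unambiguous.
    case "${DIST}" in
      ceres | beowulf | chimaera | daedalus)
        # https://www.devuan.org/os/keyring
        # Ceres, Beowulf, Chimaera and Daedalus
        RELEASE_KEY="94532124541922FB"
        ;;
      excalibur)
        RELEASE_KEY="B3982868D104092C"
        ;;
      freia)
        RELEASE_KEY="55C470D57732684B"
        ;;
      *)
        echo "Can't decide release key for \"${DIST}\"" >&2
        exit 1
        ;;
    esac
    # Each step below is its own command. In an "a && b" list a failure of
    # "a" does not trigger "set -e", so a failed "apt-get update" or key
    # fetch would have been skipped over silently and the build would have
    # carried on without the key.
    # Use Ubuntu's gpg to get Devuan's signing key.
    apt-get update
    apt-get install -y gpg
    # Add Devuan's signing key.
    echo "Adding Devuan ${DIST} signing key (https://www.devuan.org/os/keyring):" "${RELEASE_KEY}"
    gpg --keyserver keyring.devuan.org --recv-keys "${RELEASE_KEY}"
    # NOTE(review): a key placed in trusted.gpg.d is trusted for every
    # repository configured on the build host; a keyring referenced with
    # "signed-by=" in devuan.list would limit it to the Devuan mirror.
    gpg --export "${RELEASE_KEY}" >/etc/apt/trusted.gpg.d/devuan_key.gpg
    # Get Devuan's debootstrap.
    echo "deb http://deb.devuan.org/merged ${DIST} main" > /etc/apt/sources.list.d/devuan.list
    apt-get update
    # --allow-downgrades replaces the deprecated --force-yes, which also let
    # apt continue with packages it could not authenticate and so defeated
    # the key import above.
    # NOTE(review): confirm that a possible downgrade of the host's
    # debootstrap is the only thing that needed forcing.
    apt-get --assume-yes \
      --no-install-recommends \
      install --allow-downgrades -t "${DIST}" debootstrap
    debootstrap \
      --arch="${ARCH}" \
      --verbose \
      --variant=minbase \
      --foreign \
      --include=netbase,net-tools,sysvinit,u-boot-tools,initramfs-tools,openssh-server,nano,vim-tiny \
      "${TARGET}" \
      debian \
      "${URL}" \
      "${SCRIPT}"
    ;;
esac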
# Root password for the image: PASSWORD_OVERRIDE when it is set and
# non-empty, otherwise a freshly generated 6-character one (pwgen -B avoids
# ambiguous characters, -A avoids capital letters).
# Security note: this is a short password, sshd is later configured to allow
# root logins, and the password becomes part of the artifact file names, so
# it should be changed on first boot of any image that reaches a network.
if [ -n "${PASSWORD_OVERRIDE}" ]; then
  PASSWORD="${PASSWORD_OVERRIDE}"
else
  PASSWORD="$(pwgen -B -A 6 1)"
fi
# Write apt sources config
# The list is written to debian/tmp/sources.list (and echoed to stdout by
# tee); the second stage moves it to /etc/apt/sources.list.

# Print the "deb" and "deb-src" lines for one suite.
#   $1 mirror URL   $2 suite   $3 components
apt_source_pair() {
  printf 'deb %s %s %s\n' "$1" "$2" "$3"
  printf 'deb-src %s %s %s\n' "$1" "$2" "$3"
}

case "${OS}-${ARCH}-${DIST}" in
  debian-*-rc-buggy | debian-*-experimental)
    # Base system suite first, then the experimental suite itself.
    {
      apt_source_pair http://deb.debian.org/debian "${TARGET}" main
      apt_source_pair http://deb.debian.org/debian "${DIST}" main
    } | tee debian/tmp/sources.list
    ;;
  debian-*-sid | debian-*-unstable)
    # Only the main suite is listed for sid/unstable.
    apt_source_pair http://deb.debian.org/debian "${DIST}" main |
      tee debian/tmp/sources.list
    ;;
  debian-*)
    # NOTE(review): "<dist>-security" is the suite name used by bullseye and
    # later; older releases such as buster used "<dist>/updates" -- confirm
    # which releases have to be supported.
    {
      apt_source_pair http://deb.debian.org/debian "${DIST}" main
      apt_source_pair http://deb.debian.org/debian "${DIST}-updates" main
      apt_source_pair http://security.debian.org/debian-security "${DIST}-security" main
    } | tee debian/tmp/sources.list
    ;;
  ubuntu-amd64-*)
    for suite in "${DIST}" "${DIST}-updates" "${DIST}-security"; do
      apt_source_pair http://archive.ubuntu.com/ubuntu "${suite}" "main universe"
    done | tee debian/tmp/sources.list
    ;;
  ubuntu-*)
    # Every other Ubuntu architecture is served from the ports mirror.
    for suite in "${DIST}" "${DIST}-updates" "${DIST}-security"; do
      apt_source_pair http://ports.ubuntu.com/ubuntu-ports "${suite}" "main universe"
    done | tee debian/tmp/sources.list
    ;;
  devuan-*-excalibur | devuan-*-testing | devuan-*-ceres | devuan-*-unstable)
    # https://pkginfo.devuan.org/sources.list.txt
    apt_source_pair http://deb.devuan.org/merged "${DIST}" main |
      tee debian/tmp/sources.list
    ;;
  devuan-*)
    for suite in "${DIST}" "${DIST}-updates" "${DIST}-security"; do
      apt_source_pair http://deb.devuan.org/merged "${suite}" main
    done | tee debian/tmp/sources.list
    ;;
esac
# For Debian Experimental only: write an apt pin that gives packages from
# the "experimental" archive priority 300. The second stage moves this file
# to /etc/apt/preferences.d/. Every other build writes nothing here.
case "${OS}-${ARCH}-${DIST}" in
  debian-*-rc-buggy | debian-*-experimental)
    printf '%s\n' \
      'Package: *' \
      'Pin: release o=Debian,a=experimental' \
      'Pin-Priority: 300' |
      tee debian/tmp/priority-experimental
    ;;
esac
# Overlay the generic and then the architecture-specific pre-second-stage
# files onto the unpacked tree, keeping their file modes.
for overlay_dir in \
  ../2nd-stage-files/pre-2nd-stage-files \
  "../2nd-stage-files/pre-2nd-stage-files-${ARCH}"; do
  cp -rv --preserve=mode "${overlay_dir}"/* debian
done
# Copy ARM emulation stuff
# Best effort: a failing copy (for example when no qemu-*-static binary
# exists on the host) must not abort the build.
cp -v /usr/bin/qemu-*-static debian/usr/bin || true
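# Build a Debian root filesystem (second stage)
#
# The here-documents are unquoted on purpose: ${KERNEL}, ${KERNEL_URL} and
# ${KERNELSUITE} are expanded by THIS shell before the text is fed to
# /bin/sh inside the chroot, while \${Version} is escaped so that dpkg-query
# receives it literally.
#
# Changes against the previous version of this step:
#  * ${KERNELSUITE} is no longer wrapped in double quotes. Quoted, the
#    chroot shell passed apt-get either the single word "-t experimental"
#    or an empty-string argument instead of two words / nothing.
#  * The Devuan branch appends (>>) the kernel version to versions.csv;
#    with ">" it truncated the file and dropped the kernel-url row written
#    one line earlier.
#  * The root password is no longer spliced into the generated shell text;
#    it is piped to chpasswd after the here-document, so quotes, "$" or
#    backticks in PASSWORD_OVERRIDE cannot be parsed as shell syntax.
#
# NOTE(review): the literal \n in the kernel-url echo is interpreted by some
# /bin/sh echo builtins (dash, for one) and then produces an extra empty
# line -- confirm the consumers of versions.csv tolerate that.
case "${OS}" in
  debian | ubuntu)
    # Build a Debian root filesystem (second stage)
    chroot debian /bin/sh -ex <<EOF
/debootstrap/debootstrap --second-stage
/bin/mv /tmp/sources.list /etc/apt/sources.list
/bin/mv /tmp/priority-experimental /etc/apt/preferences.d/priority-experimental || :
/usr/bin/apt-get update
/usr/bin/apt-get -y upgrade
/usr/bin/apt-get -y --no-install-recommends ${KERNELSUITE} install "${KERNEL}"
/usr/bin/apt-get -y install systemd-timesyncd || :
/usr/bin/apt-get -y install systemd-resolved || :
/usr/bin/apt-get clean
/bin/rm -rf /var/lib/apt/lists/*
echo "kernel-url,${KERNEL_URL}\n" >> /tmp/versions.csv
/usr/bin/dpkg-query --showformat='kernel,\${Version}\n' --show "${KERNEL}" >> /tmp/versions.csv
/usr/bin/systemctl enable systemd-networkd.service
/usr/bin/systemctl enable systemd-resolved.service
/usr/bin/systemctl enable systemd-timesyncd.service
/bin/rm -f /var/log/*.log
/bin/sed -i "s/#*\s*PermitRootLogin .*/PermitRootLogin yes/" /etc/ssh/sshd_config
EOF
    ;;
  devuan)
    # Build a Devuan root filesystem (second stage)
    chroot debian /bin/sh -ex <<EOF
/debootstrap/debootstrap --second-stage
/bin/mv /tmp/sources.list /etc/apt/sources.list
# /usr/bin/apt-key add /etc/apt/trusted.gpg.d/devuan_key.gpg
/usr/bin/apt-get update
/usr/bin/apt-get -y upgrade
/usr/bin/apt-get -y --no-install-recommends ${KERNELSUITE} install "${KERNEL}"
/usr/bin/apt-get -y install connman || :
/usr/bin/apt-get -y install openntpd || :
/usr/bin/apt-get clean
/bin/rm -rf /var/lib/apt/lists/*
echo "kernel-url,${KERNEL_URL}\n" >> /tmp/versions.csv
/usr/bin/dpkg-query --showformat='kernel,\${Version}\n' --show "${KERNEL}" >> /tmp/versions.csv
/bin/rm -f /var/log/*.log
/bin/sed -i "s/#*\s*PermitRootLogin .*/PermitRootLogin yes/" /etc/ssh/sshd_config
EOF
    ;;
esac
# Set the root password. sshd was configured above to accept root logins,
# so the image is only as safe as this password until its owner changes it.
printf 'root:%s\n' "${PASSWORD}" | chroot debian /usr/sbin/chpasswd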
# Remove ARM emulation stuff again
# Best effort, mirroring the best-effort copy made before the second stage.
rm -v debian/usr/bin/qemu-*-static || true
# Overlay the files that must only land after the second stage has run.
cp -rv --preserve=mode ../2nd-stage-files/post-2nd-stage-files/* debian
# Set hostname
printf '%s\n' "${OS}" > debian/etc/hostname
# Set resolv.conf
# Point /etc/resolv.conf at the file maintained by the resolver that was
# installed for this OS family.
resolv_target=""
case "${OS}" in
  debian | ubuntu) resolv_target=/run/systemd/resolve/stub-resolv.conf ;;
  devuan) resolv_target=/run/connman/resolv.conf ;;
esac
if [ -n "${resolv_target}" ]; then
  ln -sf "${resolv_target}" debian/etc/resolv.conf
fi
# List all files
# (every non-directory path in the tree, printed with a leading "/", sorted)
find debian ! -type d -printf "/%P\n" | sort > files.txt
# Take the version table written by the second stage out of the tree.
mv debian/tmp/versions.csv versions.csv
# Make a ext4 filesystem of this and put it into the image
# >>> ((3800000000 - 32 * 1024 * 1024) // (1024 * 1024)) * (1024 * 1024)
# 3765436416
image=ext4.img
rm -f "${image}"
fallocate -l 3765436416 "${image}"
mkfs.ext4 -d debian "${image}"
pigz "${image}"
# Publish the compressed image plus its file list and version table.
# Security note: the root password is part of every artifact file name, so
# anyone able to list this directory learns the image's root password.
artifacts_dir="${ARTIFACTS_DIR:-/artifacts}"
artifact="${artifacts_dir}/${OS}-${DIST}-${ARCH}-${PASSWORD}.bin.gz"
mkdir -p "${artifacts_dir}"
cp -v files.txt "${artifact}.files.txt"
cp -v versions.csv "${artifact}.versions.csv"
cp -v "${image}.gz" "${artifact}"