Path: blob/next/scripts/distributions.sh
13066 views
#!/bin/bash1#2# Copyright (c) 2013-2021 Igor Pecovnik, igor.pecovnik@gma**.com3#4# This file is licensed under the terms of the GNU General Public5# License version 2. This program is licensed "as is" without any6# warranty of any kind, whether express or implied.789# Functions:1011# install_common12# install_rclocal13# install_distribution_specific14# post_debootstrap_tweaks1516171819install_common()20{21display_alert "Applying common tweaks" "" "info"2223# install rootfs encryption related packages separate to not break packages cache24if [[ $CRYPTROOT_ENABLE == yes ]]; then25display_alert "Installing rootfs encryption related packages" "cryptsetup" "info"26chroot "${SDCARD}" /bin/bash -c "apt-get -y -qq --no-install-recommends install cryptsetup" \27>> "${DEST}"/${LOG_SUBPATH}/install.log 2>&128if [[ $CRYPTROOT_SSH_UNLOCK == yes ]]; then29display_alert "Installing rootfs encryption related packages" "dropbear-initramfs" "info"30chroot "${SDCARD}" /bin/bash -c "apt-get -y -qq --no-install-recommends install dropbear-initramfs cryptsetup-initramfs" \31>> "${DEST}"/${LOG_SUBPATH}/install.log 2>&132fi3334fi3536# add dummy fstab entry to make mkinitramfs happy37echo "/dev/mmcblk0p1 / $ROOTFS_TYPE defaults 0 1" >> "${SDCARD}"/etc/fstab38# required for initramfs-tools-core on Stretch since it ignores the / fstab entry39echo "/dev/mmcblk0p2 /usr $ROOTFS_TYPE defaults 0 2" >> "${SDCARD}"/etc/fstab4041# adjust initramfs dropbear configuration42# needs to be done before kernel installation, else it won't be in the initrd image43if [[ $CRYPTROOT_ENABLE == yes && $CRYPTROOT_SSH_UNLOCK == yes ]]; then44# Set the port of the dropbear ssh daemon in the initramfs to a different one if configured45# this avoids the typical 'host key changed warning' - `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!`46[[ -f "${SDCARD}"/etc/dropbear-initramfs/config ]] && \47sed -i 's/^#DROPBEAR_OPTIONS=/DROPBEAR_OPTIONS="-p '"${CRYPTROOT_SSH_UNLOCK_PORT}"'"/' \48"${SDCARD}"/etc/dropbear-initramfs/config4950# setup dropbear authorized_keys, either provided by userpatches or generated51if [[ -f $USERPATCHES_PATH/dropbear_authorized_keys ]]; then52cp "$USERPATCHES_PATH"/dropbear_authorized_keys "${SDCARD}"/etc/dropbear-initramfs/authorized_keys53else54# generate a default ssh key for login on dropbear in initramfs55# this key should be changed by the user on first login56display_alert "Generating a new SSH key pair for dropbear (initramfs)" "" ""57ssh-keygen -t ecdsa -f "${SDCARD}"/etc/dropbear-initramfs/id_ecdsa \58-N '' -O force-command=cryptroot-unlock -C 'AUTOGENERATED_BY_ARMBIAN_BUILD' >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&15960# /usr/share/initramfs-tools/hooks/dropbear will automatically add 'id_ecdsa.pub' to authorized_keys file61# during mkinitramfs of update-initramfs62#cat "${SDCARD}"/etc/dropbear-initramfs/id_ecdsa.pub > "${SDCARD}"/etc/dropbear-initramfs/authorized_keys63# The version of the Linux kernel64CRYPTROOT_SSH_UNLOCK_KEY_NAME="${BOARD^}_${REVISION}_${DISTRIBUTION,}_${RELEASE}_${SELECTED_CONFIGURATION}_linux"$(grab_version "$LINUXSOURCEDIR")"".key65# copy dropbear ssh key to image output dir for convenience66cp "${SDCARD}"/etc/dropbear-initramfs/id_ecdsa "${DEST}/images/${CRYPTROOT_SSH_UNLOCK_KEY_NAME}"67display_alert "SSH private key for dropbear (initramfs) has been copied to:" \68"$DEST/images/$CRYPTROOT_SSH_UNLOCK_KEY_NAME" "info"69fi70fi7172# create modules file73local modules=MODULES_${BRANCH^^}74if [[ -n "${!modules}" ]]; then75tr ' ' '\n' <<< "${!modules}" > "${SDCARD}"/etc/modules76elif [[ -n "${MODULES}" ]]; then77tr ' ' '\n' <<< "${MODULES}" > "${SDCARD}"/etc/modules78fi7980# create blacklist files81local blacklist=MODULES_BLACKLIST_${BRANCH^^}82if [[ -n "${!blacklist}" ]]; then83tr ' ' '\n' <<< "${!blacklist}" | sed -e 's/^/blacklist /' > "${SDCARD}/etc/modprobe.d/blacklist-${BOARD}.conf"84elif [[ -n "${MODULES_BLACKLIST}" ]]; then85tr ' ' '\n' <<< "${MODULES_BLACKLIST}" | sed -e 's/^/blacklist /' > "${SDCARD}/etc/modprobe.d/blacklist-${BOARD}.conf"86fi8788# configure MIN / MAX speed for cpufrequtils89cat <<-EOF > "${SDCARD}"/etc/default/cpufrequtils90ENABLE=true91MIN_SPEED=$CPUMIN92MAX_SPEED=$CPUMAX93GOVERNOR=$GOVERNOR94EOF9596# remove default interfaces file if present97# before installing board support package98rm -f "${SDCARD}"/etc/network/interfaces99100# disable selinux by default101mkdir -p "${SDCARD}"/selinux102[[ -f "${SDCARD}"/etc/selinux/config ]] && sed "s/^SELINUX=.*/SELINUX=disabled/" -i "${SDCARD}"/etc/selinux/config103104# remove Ubuntu's legal text105[[ -f "${SDCARD}"/etc/legal ]] && rm "${SDCARD}"/etc/legal106107# Prevent loading paralel printer port drivers which we don't need here.108# Suppress boot error if kernel modules are absent109if [[ -f "${SDCARD}"/etc/modules-load.d/cups-filters.conf ]]; then110sed "s/^lp/#lp/" -i "${SDCARD}"/etc/modules-load.d/cups-filters.conf111sed "s/^ppdev/#ppdev/" -i "${SDCARD}"/etc/modules-load.d/cups-filters.conf112sed "s/^parport_pc/#parport_pc/" -i "${SDCARD}"/etc/modules-load.d/cups-filters.conf113fi114115# console fix due to Debian bug116sed -e 's/CHARMAP=".*"/CHARMAP="'$CONSOLE_CHAR'"/g' -i "${SDCARD}"/etc/default/console-setup117118# add the /dev/urandom path to the rng config file119echo "HRNGDEVICE=/dev/urandom" >> "${SDCARD}"/etc/default/rng-tools120121# ping needs privileged action to be able to create raw network socket122# this is working properly but not with (at least) Debian Buster123chroot "${SDCARD}" /bin/bash -c "chmod u+s /bin/ping"124125# change time zone data126echo "${TZDATA}" > "${SDCARD}"/etc/timezone127chroot "${SDCARD}" /bin/bash -c "dpkg-reconfigure -f noninteractive tzdata >/dev/null 2>&1"128129# set root password130chroot "${SDCARD}" /bin/bash -c "(echo $ROOTPWD;echo $ROOTPWD;) | passwd root >/dev/null 2>&1"131132# enable automated login to console(s)133#mkdir -p "${SDCARD}"/etc/systemd/system/[email protected]/134#mkdir -p "${SDCARD}"/etc/systemd/system/[email protected]/135#cat <<-EOF > "${SDCARD}"/etc/systemd/system/[email protected]/override.conf136#[Service]137#ExecStartPre=/bin/sh -c 'exec /bin/sleep 10'138#ExecStart=139#ExecStart=-/sbin/agetty --noissue --autologin root %I \$TERM140#Type=idle141#EOF142#cp "${SDCARD}"/etc/systemd/system/[email protected]/override.conf "${SDCARD}"/etc/systemd/system/[email protected]/override.conf143144# force change root password at first login145#chroot "${SDCARD}" /bin/bash -c "chage -d 0 root"146147# change console welcome text148echo -e "${VENDOR} ${REVISION} ${RELEASE^} \\l \n" > "${SDCARD}"/etc/issue149echo "${VENDOR} ${REVISION} ${RELEASE^}" > "${SDCARD}"/etc/issue.net150sed -i "s/^PRETTY_NAME=.*/PRETTY_NAME=\"${VENDOR} $REVISION "${RELEASE^}"\"/" "${SDCARD}"/etc/os-release151152# enable few bash aliases enabled in Ubuntu by default to make it even153sed "s/#alias ll='ls -l'/alias ll='ls -l'/" -i "${SDCARD}"/etc/skel/.bashrc154sed "s/#alias la='ls -A'/alias la='ls -A'/" -i "${SDCARD}"/etc/skel/.bashrc155sed "s/#alias l='ls -CF'/alias l='ls -CF'/" -i "${SDCARD}"/etc/skel/.bashrc156# root user is already there. Copy bashrc there as well157cp "${SDCARD}"/etc/skel/.bashrc "${SDCARD}"/root158159# display welcome message at first root login160touch "${SDCARD}"/root/.not_logged_in_yet161162if [[ ${DESKTOP_AUTOLOGIN} != no ]]; then163# set desktop autologin164touch "${SDCARD}"/root/.desktop_autologin165fi166167# NOTE: this needs to be executed before family_tweaks168local bootscript_src=${BOOTSCRIPT%%:*}169local bootscript_dst=${BOOTSCRIPT##*:}170local bootdir=$([[ "$BOOTFS_TYPE" == "fat" ]] || echo "/boot")171172# create extlinux config file173if [[ $SRC_EXTLINUX == yes ]]; then174mkdir -p $SDCARD/boot/extlinux175cat <<-EOF > "$SDCARD/boot/extlinux/extlinux.conf"176label ${VENDOR}177kernel $bootdir/$NAME_KERNEL178initrd $bootdir/$NAME_INITRD179EOF180if [[ -n $BOOT_FDT_FILE ]]; then181if [[ $BOOT_FDT_FILE != "none" ]]; then182echo " fdt $bootdir/dtb/$BOOT_FDT_FILE" >> "$SDCARD/boot/extlinux/extlinux.conf"183fi184else185echo " fdtdir $bootdir/dtb/" >> "$SDCARD/boot/extlinux/extlinux.conf"186fi187else188189if [[ "${BOOTCONFIG}" != "none" ]]; then190if [ -f "${USERPATCHES_PATH}/bootscripts/${bootscript_src}" ]; then191cp "${USERPATCHES_PATH}/bootscripts/${bootscript_src}" "${SDCARD}/boot/${bootscript_dst}"192else193cp "${EXTER}/config/bootscripts/${bootscript_src}" "${SDCARD}/boot/${bootscript_dst}"194fi195fi196197if [[ -n $BOOTENV_FILE ]]; then198if [[ -f $USERPATCHES_PATH/bootenv/$BOOTENV_FILE ]]; then199cp "$USERPATCHES_PATH/bootenv/${BOOTENV_FILE}" "${SDCARD}"/boot/orangepiEnv.txt200elif [[ -f $EXTER/config/bootenv/$BOOTENV_FILE ]]; then201cp "${EXTER}/config/bootenv/${BOOTENV_FILE}" "${SDCARD}"/boot/orangepiEnv.txt202fi203fi204205# TODO: modify $bootscript_dst or orangepiEnv.txt to make NFS boot universal206# instead of copying sunxi-specific template207if [[ $ROOTFS_TYPE == nfs ]]; then208display_alert "Copying NFS boot script template"209if [[ -f $USERPATCHES_PATH/nfs-boot.cmd ]]; then210cp "$USERPATCHES_PATH"/nfs-boot.cmd "${SDCARD}"/boot/boot.cmd211else212cp "${EXTER}"/config/templates/nfs-boot.cmd.template "${SDCARD}"/boot/boot.cmd213fi214fi215216[[ -n $OVERLAY_PREFIX && -f "${SDCARD}"/boot/orangepiEnv.txt && ($BRANCH =~ current|next || $BOARDFAMILY =~ "rockchip-rk3588"|"rockchip-rk356x") ]] && \217echo "overlay_prefix=$OVERLAY_PREFIX" >> "${SDCARD}"/boot/orangepiEnv.txt218219[[ -n $DEFAULT_OVERLAYS && -f "${SDCARD}"/boot/orangepiEnv.txt && ($BRANCH =~ current|next || $BOARDFAMILY =~ "rockchip-rk3588"|"rockchip-rk356x") ]] && \220echo "overlays=${DEFAULT_OVERLAYS//,/ }" >> "${SDCARD}"/boot/orangepiEnv.txt221222[[ -n $BOOT_FDT_FILE && -f "${SDCARD}"/boot/orangepiEnv.txt ]] && \223echo "fdtfile=${BOOT_FDT_FILE}" >> "${SDCARD}/boot/orangepiEnv.txt"224225fi226227# initial date for fake-hwclock228date -u '+%Y-%m-%d %H:%M:%S' > "${SDCARD}"/etc/fake-hwclock.data229230echo "${HOST}" > "${SDCARD}"/etc/hostname231232# set hostname in hosts file233cat <<-EOF > "${SDCARD}"/etc/hosts234127.0.0.1 localhost235127.0.1.1 $HOST236::1 localhost $HOST ip6-localhost ip6-loopback237fe00::0 ip6-localnet238ff00::0 ip6-mcastprefix239ff02::1 ip6-allnodes240ff02::2 ip6-allrouters241EOF242243cd $SRC244245# Prepare and export caching-related params common to all apt calls below, to maximize apt-cacher-ng usage246export APT_EXTRA_DIST_PARAMS=""247[[ $NO_APT_CACHER != yes ]] && APT_EXTRA_DIST_PARAMS="-o Acquire::http::Proxy=\"http://${APT_PROXY_ADDR:-localhost:3142}\" -o Acquire::http::Proxy::localhost=\"DIRECT\""248249display_alert "Cleaning" "package lists"250chroot "${SDCARD}" /bin/bash -c "apt-get clean"251252display_alert "Updating" "package lists"253chroot "${SDCARD}" /bin/bash -c "apt-get ${APT_EXTRA_DIST_PARAMS} update" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1254255display_alert "Temporarily disabling" "initramfs-tools hook for kernel"256chroot "${SDCARD}" /bin/bash -c "chmod -v -x /etc/kernel/postinst.d/initramfs-tools" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1257258# install family packages259if [[ -n ${PACKAGE_LIST_FAMILY} ]]; then260display_alert "Installing PACKAGE_LIST_FAMILY packages" "${PACKAGE_LIST_FAMILY}"261chroot "${SDCARD}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get ${APT_EXTRA_DIST_PARAMS} -yqq --no-install-recommends install $PACKAGE_LIST_FAMILY" >> "${DEST}"/${LOG_SUBPATH}/install.log262fi263264# install board packages265if [[ -n ${PACKAGE_LIST_BOARD} ]]; then266display_alert "Installing PACKAGE_LIST_BOARD packages" "${PACKAGE_LIST_BOARD}"267chroot "${SDCARD}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get ${APT_EXTRA_DIST_PARAMS} -yqq --no-install-recommends install $PACKAGE_LIST_BOARD" >> "${DEST}"/${LOG_SUBPATH}/install.log || { display_alert "Failed to install PACKAGE_LIST_BOARD" "${PACKAGE_LIST_BOARD}" "err"; exit 2; }268fi269270# remove family packages271if [[ -n ${PACKAGE_LIST_FAMILY_REMOVE} ]]; then272display_alert "Removing PACKAGE_LIST_FAMILY_REMOVE packages" "${PACKAGE_LIST_FAMILY_REMOVE}"273chroot "${SDCARD}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get ${APT_EXTRA_DIST_PARAMS} -yqq remove --auto-remove $PACKAGE_LIST_FAMILY_REMOVE" >> "${DEST}"/${LOG_SUBPATH}/install.log274fi275276# remove board packages277if [[ -n ${PACKAGE_LIST_BOARD_REMOVE} ]]; then278display_alert "Removing PACKAGE_LIST_BOARD_REMOVE packages" "${PACKAGE_LIST_BOARD_REMOVE}"279for PKG_REMOVE in ${PACKAGE_LIST_BOARD_REMOVE}; do280chroot "${SDCARD}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get ${APT_EXTRA_DIST_PARAMS} -yqq remove --auto-remove ${PKG_REMOVE}" >> "${DEST}"/${LOG_SUBPATH}/install.log281done282fi283284# install u-boot285# @TODO: add install_bootloader() extension method, refactor into u-boot extension286[[ "${BOOTCONFIG}" != "none" ]] && {287if [[ "${REPOSITORY_INSTALL}" != *u-boot* ]]; then288UBOOT_VER=$(dpkg --info "${DEB_STORAGE}/u-boot/${CHOSEN_UBOOT}_${REVISION}_${ARCH}.deb" | grep Descr | awk '{print $(NF)}')289install_deb_chroot "${DEB_STORAGE}/u-boot/${CHOSEN_UBOOT}_${REVISION}_${ARCH}.deb"290else291UBOOT_VER=$(dpkg --info "${DEB_ORANGEPI}/u-boot/${CHOSEN_UBOOT}_${REVISION}_${ARCH}.deb" | grep Descr | awk '{print $(NF)}')292install_deb_chroot "${DEB_ORANGEPI}/u-boot/${CHOSEN_UBOOT}_${REVISION}_${ARCH}.deb" "orangepi"293fi294}295296call_extension_method "pre_install_kernel_debs" << 'PRE_INSTALL_KERNEL_DEBS'297*called before installing the Armbian-built kernel deb packages*298It is not too late to `unset KERNELSOURCE` here and avoid kernel install.299PRE_INSTALL_KERNEL_DEBS300301# install kernel302[[ -n $KERNELSOURCE ]] && {303if [[ "${REPOSITORY_INSTALL}" != *kernel* ]]; then304VER=$(dpkg --info "${DEB_STORAGE}/${CHOSEN_KERNEL}_${REVISION}_${ARCH}.deb" | awk -F"-" '/Source:/{print $2}')305306install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KERNEL}_${REVISION}_${ARCH}.deb"307if [[ -f ${DEB_STORAGE}/${CHOSEN_KERNEL/image/dtb}_${REVISION}_${ARCH}.deb ]]; then308install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KERNEL/image/dtb}_${REVISION}_${ARCH}.deb"309fi310if [[ $INSTALL_HEADERS == yes ]]; then311install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KERNEL/image/headers}_${REVISION}_${ARCH}.deb"312else313cp "${DEB_STORAGE}/${CHOSEN_KERNEL/image/headers}_${REVISION}_${ARCH}.deb" "${SDCARD}"/opt/314fi315else316VER=$(dpkg --info "${DEB_ORANGEPI}/${CHOSEN_KERNEL}_${REVISION}_${ARCH}.deb" | grep Descr | awk '{print $(NF)}')317VER="${VER/-$LINUXFAMILY/}"318319install_deb_chroot "${DEB_ORANGEPI}/${CHOSEN_KERNEL}_${REVISION}_${ARCH}.deb" "orangepi"320321if [[ -f ${DEB_ORANGEPI}/${CHOSEN_KERNEL/image/dtb}_${REVISION}_${ARCH}.deb ]]; then322install_deb_chroot "${DEB_ORANGEPI}/${CHOSEN_KERNEL/image/dtb}_${REVISION}_${ARCH}.deb" "orangepi"323fi324325if [[ $INSTALL_HEADERS == yes ]]; then326install_deb_chroot "${DEB_ORANGEPI}/${CHOSEN_KERNEL/image/headers}_${REVISION}_${ARCH}.deb" "orangepi"327fi328fi329}330331call_extension_method "post_install_kernel_debs" << 'POST_INSTALL_KERNEL_DEBS'332*allow config to do more with the installed kernel/headers*333Called after packages, u-boot, kernel and headers installed in the chroot, but before the BSP is installed.334If `KERNELSOURCE` is (still?) unset after this, Armbian-built firmware will not be installed.335POST_INSTALL_KERNEL_DEBS336337# install board support packages338if [[ "${REPOSITORY_INSTALL}" != *bsp* ]]; then339install_deb_chroot "${DEB_STORAGE}/$RELEASE/${BSP_CLI_PACKAGE_FULLNAME}.deb"340else341install_deb_chroot "${DEB_ORANGEPI}/$RELEASE/${CHOSEN_ROOTFS}_${BSP_CLI_PACKAGE_FULLNAME}.deb" "orangepi"342fi343344# install orangepi-desktop345if [[ "${REPOSITORY_INSTALL}" != *orangepi-desktop* ]]; then346if [[ $BUILD_DESKTOP == yes ]]; then347install_deb_chroot "${DEB_STORAGE}/${RELEASE}/${CHOSEN_DESKTOP}_${REVISION}_all.deb"348install_deb_chroot "${DEB_STORAGE}/${RELEASE}/${BSP_DESKTOP_PACKAGE_FULLNAME}.deb"349# install display manager and PACKAGE_LIST_DESKTOP_FULL packages if enabled per board350desktop_postinstall351fi352else353if [[ $BUILD_DESKTOP == yes ]]; then354install_deb_chroot "${CHOSEN_DESKTOP}" "orangepi"355# install display manager and PACKAGE_LIST_DESKTOP_FULL packages if enabled per board356desktop_postinstall357fi358fi359360# install orangepi-firmware361if [[ "${REPOSITORY_INSTALL}" != *orangepi-firmware* ]]; then362if [[ -f ${DEB_STORAGE}/orangepi-firmware_${REVISION}_all.deb ]]; then363install_deb_chroot "${DEB_STORAGE}/orangepi-firmware_${REVISION}_all.deb"364fi365else366if [[ -f ${DEB_STORAGE}/orangepi-firmware_${REVISION}_all.deb ]]; then367install_deb_chroot "${DEB_ORANGEPI}/orangepi-firmware_${REVISION}_all.deb" "orangepi"368fi369fi370371# install orangepi-config372if [[ "${PACKAGE_LIST_RM}" != *orangepi-config* ]]; then373if [[ "${REPOSITORY_INSTALL}" != *orangepi-config* ]]; then374if [[ $BUILD_MINIMAL != yes ]]; then375install_deb_chroot "${DEB_STORAGE}/orangepi-config_${REVISION}_all.deb"376fi377else378if [[ $BUILD_MINIMAL != yes ]]; then379install_deb_chroot "${DEB_ORANGEPI}/orangepi-config_${REVISION}_all.deb" "orangepi"380fi381fi382fi383384# install orangepi-zsh385if [[ "${PACKAGE_LIST_RM}" != *orangepi-zsh* ]]; then386if [[ "${REPOSITORY_INSTALL}" != *orangepi-zsh* ]]; then387if [[ $BUILD_MINIMAL != yes ]]; then388install_deb_chroot "${DEB_STORAGE}/orangepi-zsh_${REVISION}_all.deb"389fi390else391if [[ $BUILD_MINIMAL != yes ]]; then392install_deb_chroot "orangepi-zsh" "remote"393fi394fi395fi396397# install plymouth-theme-orangepi398if [[ $PLYMOUTH == yes && $BUILD_DESKTOP == yes && $RELEASE != buster ]]; then399if [[ "${REPOSITORY_INSTALL}" != *plymouth-theme-orangepi* ]]; then400install_deb_chroot "${DEB_STORAGE}/orangepi-plymouth-theme_${REVISION}_all.deb"401else402install_deb_chroot "orangepi-plymouth-theme" "remote"403fi404fi405406# install kernel sources407if [[ -f ${DEB_STORAGE}/${CHOSEN_KSRC}_${REVISION}_all.deb && $INSTALL_KSRC == yes ]]; then408install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KSRC}_${REVISION}_all.deb"409elif [[ $INSTALL_KSRC == yes ]]; then410display_alert "Please set BUILD_KSRC=yes to generate the kernel source package" "" "wrn"411fi412413# install wireguard tools414if [[ $WIREGUARD == yes ]]; then415chroot "${SDCARD}" /bin/bash -c "apt-get -y -qq install wireguard-tools --no-install-recommends" >> "${DEST}"/debug/install.log 2>&1416fi417418# freeze orangepi packages419if [[ $BSPFREEZE == yes ]]; then420display_alert "Freezing Orange Pi packages" "$BOARD" "info"421chroot "${SDCARD}" /bin/bash -c "apt-mark hold ${CHOSEN_KERNEL} ${CHOSEN_KERNEL/image/headers} \422linux-u-boot-${BOARD}-${BRANCH} ${CHOSEN_KERNEL/image/dtb}" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1423fi424425# add orangepi user426chroot "${SDCARD}" /bin/bash -c "adduser --quiet --disabled-password --shell /bin/bash --home /home/${OPI_USERNAME} --gecos ${OPI_USERNAME} ${OPI_USERNAME}"427chroot "${SDCARD}" /bin/bash -c "(echo ${OPI_PWD};echo ${OPI_PWD};) | passwd "${OPI_USERNAME}" >/dev/null 2>&1"428for additionalgroup in sudo netdev audio video disk tty users games dialout plugdev input bluetooth systemd-journal ssh docker; do429chroot "${SDCARD}" /bin/bash -c "usermod -aG ${additionalgroup} ${OPI_USERNAME} 2>/dev/null"430done431432# fix for gksu in Xenial433touch ${SDCARD}/home/${OPI_USERNAME}/.Xauthority434chroot "${SDCARD}" /bin/bash -c "chown ${OPI_USERNAME}:${OPI_USERNAME} /home/${OPI_USERNAME}/.Xauthority"435# set up profile sync daemon on desktop systems436chroot "${SDCARD}" /bin/bash -c "which psd >/dev/null 2>&1"437if [ $? -eq 0 ]; then438echo -e "${OPI_USERNAME} ALL=(ALL) NOPASSWD: /usr/bin/psd-overlay-helper" >> ${SDCARD}/etc/sudoers439touch ${SDCARD}/home/${OPI_USERNAME}/.activate_psd440chroot "${SDCARD}" /bin/bash -c "chown $OPI_USERNAME:$OPI_USERNAME /home/${OPI_USERNAME}/.activate_psd"441fi442443# remove deb files444rm -f "${SDCARD}"/root/*.deb445446# copy boot splash images447cp "${EXTER}"/packages/blobs/splash/orangepi-u-boot.bmp "${SDCARD}"/boot/boot.bmp448cp "${EXTER}"/packages/blobs/splash/logo.bmp "${SDCARD}"/boot/logo.bmp449450# copy audio.wav and mute.wav451cp "${EXTER}"/packages/blobs/audio_wav/audio.wav "${SDCARD}"/usr/share/sounds/alsa/452cp "${EXTER}"/packages/blobs/audio_wav/mute.wav "${SDCARD}"/usr/share/sounds/alsa/453454cp "${EXTER}"/packages/blobs/test.mp4 "${SDCARD}"/usr/local/455456# copy watchdog test programm457cp "${EXTER}"/packages/blobs/watchdog/watchdog_test_${ARCH} "${SDCARD}"/usr/local/bin/watchdog_test458459[[ -f "${SDCARD}"/usr/bin/gnome-session ]] && sed -i "s/user-session.*/user-session=ubuntu-wayland/" ${SDCARD}/etc/lightdm/lightdm.conf.d/22-orangepi-autologin.conf > /dev/null 2>&1460[[ -f "${SDCARD}"/usr/bin/startplasma-x11 ]] && sed -i "s/user-session.*/user-session=plasma-x11/" ${SDCARD}/etc/lightdm/lightdm.conf.d/22-orangepi-autologin.conf461462# execute $LINUXFAMILY-specific tweaks463[[ $(type -t family_tweaks) == function ]] && family_tweaks464465call_extension_method "post_family_tweaks" << 'FAMILY_TWEAKS'466*customize the tweaks made by $LINUXFAMILY-specific family_tweaks*467It is run after packages are installed in the rootfs, but before enabling additional services.468It allows implementors access to the rootfs (`${SDCARD}`) in its pristine state after packages are installed.469FAMILY_TWEAKS470471# enable additional services472chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-firstrun.service >/dev/null 2>&1"473chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-firstrun-config.service >/dev/null 2>&1"474chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-zram-config.service >/dev/null 2>&1"475chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-hardware-optimize.service >/dev/null 2>&1"476chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-ramlog.service >/dev/null 2>&1"477chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-resize-filesystem.service >/dev/null 2>&1"478chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-hardware-monitor.service >/dev/null 2>&1"479480# copy "first run automated config, optional user configured"481cp ${EXTER}/packages/bsp/orangepi_first_run.txt.template "${SDCARD}"/boot/orangepi_first_run.txt.template482483## switch to beta repository at this stage if building nightly images484#[[ $IMAGE_TYPE == nightly ]] \485#&& echo "deb http://beta.orangepi.com $RELEASE main ${RELEASE}-utils ${RELEASE}-desktop" \486#> "${SDCARD}"/etc/apt/sources.list.d/orangepi.list487488# Cosmetic fix [FAILED] Failed to start Set console font and keymap at first boot489[[ -f "${SDCARD}"/etc/console-setup/cached_setup_font.sh ]] \490&& sed -i "s/^printf '.*/printf '\\\033\%\%G'/g" "${SDCARD}"/etc/console-setup/cached_setup_font.sh491[[ -f "${SDCARD}"/etc/console-setup/cached_setup_terminal.sh ]] \492&& sed -i "s/^printf '.*/printf '\\\033\%\%G'/g" "${SDCARD}"/etc/console-setup/cached_setup_terminal.sh493[[ -f "${SDCARD}"/etc/console-setup/cached_setup_keyboard.sh ]] \494&& sed -i "s/-u/-x'/g" "${SDCARD}"/etc/console-setup/cached_setup_keyboard.sh495496# fix for https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1542723497chroot "${SDCARD}" /bin/bash -c "chown root:messagebus /usr/lib/dbus-1.0/dbus-daemon-launch-helper"498chroot "${SDCARD}" /bin/bash -c "chmod u+s /usr/lib/dbus-1.0/dbus-daemon-launch-helper"499500# disable samba NetBIOS over IP name service requests since it hangs when no network is present at boot501chroot "${SDCARD}" /bin/bash -c "systemctl --quiet disable nmbd 2> /dev/null"502503# disable low-level kernel messages for non betas504if [[ -z $BETA ]]; then505sed -i "s/^#kernel.printk*/kernel.printk/" "${SDCARD}"/etc/sysctl.conf506fi507508# disable repeated messages due to xconsole not being installed.509[[ -f "${SDCARD}"/etc/rsyslog.d/50-default.conf ]] && \510sed '/daemon\.\*\;mail.*/,/xconsole/ s/.*/#&/' -i "${SDCARD}"/etc/rsyslog.d/50-default.conf511512# disable deprecated parameter513sed '/.*$KLogPermitNonKernelFacility.*/,// s/.*/#&/' -i "${SDCARD}"/etc/rsyslog.conf514515# enable getty on multiple serial consoles516# and adjust the speed if it is defined and different than 115200517#518# example: SERIALCON="ttyS0:15000000,ttyGS1"519#520ifs=$IFS521for i in $(echo "${SERIALCON:-'ttyS0'}" | sed "s/,/ /g")522do523IFS=':' read -r -a array <<< "$i"524[[ "${array[0]}" == "tty1" ]] && continue # Don't enable tty1 as serial console.525display_alert "Enabling serial console" "${array[0]}" "info"526# add serial console to secure tty list527[ -z "$(grep -w '^${array[0]}' "${SDCARD}"/etc/securetty 2> /dev/null)" ] && \528echo "${array[0]}" >> "${SDCARD}"/etc/securetty529if [[ ${array[1]} != "115200" && -n ${array[1]} ]]; then530# make a copy, fix speed and enable531cp "${SDCARD}"/lib/systemd/system/[email protected] \532"${SDCARD}/lib/systemd/system/serial-getty@${array[0]}.service"533sed -i "s/--keep-baud 115200/--keep-baud ${array[1]},115200/" \534"${SDCARD}/lib/systemd/system/serial-getty@${array[0]}.service"535fi536chroot "${SDCARD}" /bin/bash -c "systemctl daemon-reload" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1537chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable serial-getty@${array[0]}.service" \538>> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1539if [[ "${array[0]}" == "ttyGS0" && $LINUXFAMILY == sun8i && $BRANCH == legacy ]]; then540mkdir -p "${SDCARD}"/etc/systemd/system/[email protected]541cat <<-EOF > "${SDCARD}"/etc/systemd/system/[email protected]/10-switch-role.conf542[Service]543ExecStartPre=-/bin/sh -c "echo 2 > /sys/bus/platform/devices/sunxi_usb_udc/otg_role"544EOF545fi546done547IFS=$ifs548549[[ $LINUXFAMILY == sun*i ]] && mkdir -p "${SDCARD}"/boot/overlay-user550551# to prevent creating swap file on NFS (needs specific kernel options)552# and f2fs/btrfs (not recommended or needs specific kernel options)553[[ $ROOTFS_TYPE != ext4 ]] && touch "${SDCARD}"/var/swap554555# install initial asound.state if defined556mkdir -p "${SDCARD}"/var/lib/alsa/557[[ -n $ASOUND_STATE ]] && cp "${EXTER}/packages/blobs/asound.state/${ASOUND_STATE}" "${SDCARD}"/var/lib/alsa/asound.state558559# save initial orangepi-release state560cp "${SDCARD}"/etc/orangepi-release "${SDCARD}"/etc/orangepi-image-release561562# DNS fix. package resolvconf is not available everywhere563if [ -d /etc/resolvconf/resolv.conf.d ] && [ -n "$NAMESERVER" ]; then564echo "nameserver $NAMESERVER" > "${SDCARD}"/etc/resolvconf/resolv.conf.d/head565fi566567# permit root login via SSH for the first boot568sed -i 's/#\?PermitRootLogin .*/PermitRootLogin yes/' "${SDCARD}"/etc/ssh/sshd_config569570# enable PubkeyAuthentication571sed -i 's/#\?PubkeyAuthentication .*/PubkeyAuthentication yes/' "${SDCARD}"/etc/ssh/sshd_config572573if [ -f "${SDCARD}"/etc/NetworkManager/NetworkManager.conf ]; then574# configure network manager575sed "s/managed=\(.*\)/managed=true/g" -i "${SDCARD}"/etc/NetworkManager/NetworkManager.conf576577# remove network manager defaults to handle eth by default578rm -f "${SDCARD}"/usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf579580# most likely we don't need to wait for nm to get online581chroot "${SDCARD}" /bin/bash -c "systemctl disable NetworkManager-wait-online.service" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1582583# Just regular DNS and maintain /etc/resolv.conf as a file584sed "/dns/d" -i "${SDCARD}"/etc/NetworkManager/NetworkManager.conf585sed "s/\[main\]/\[main\]\ndns=default\nrc-manager=file/g" -i "${SDCARD}"/etc/NetworkManager/NetworkManager.conf586if [[ -n $NM_IGNORE_DEVICES ]]; then587mkdir -p "${SDCARD}"/etc/NetworkManager/conf.d/588cat <<-EOF > "${SDCARD}"/etc/NetworkManager/conf.d/10-ignore-interfaces.conf589[keyfile]590unmanaged-devices=$NM_IGNORE_DEVICES591EOF592fi593594elif [ -d "${SDCARD}"/etc/systemd/network ]; then595# configure networkd596rm "${SDCARD}"/etc/resolv.conf597ln -s /run/systemd/resolve/resolv.conf "${SDCARD}"/etc/resolv.conf598599# enable services600chroot "${SDCARD}" /bin/bash -c "systemctl enable systemd-networkd.service systemd-resolved.service" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1601602if [ -e /etc/systemd/timesyncd.conf ]; then603chroot "${SDCARD}" /bin/bash -c "systemctl enable systemd-timesyncd.service" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1604fi605umask 022606cat > "${SDCARD}"/etc/systemd/network/eth0.network <<- __EOF__607[Match]608Name=eth0609610[Network]611#MACAddress=612DHCP=ipv4613LinkLocalAddressing=ipv4614#Address=192.168.1.100/24615#Gateway=192.168.1.1616#DNS=192.168.1.1617#Domains=example.com618NTP=0.pool.ntp.org 1.pool.ntp.org619__EOF__620621fi622623# avahi daemon defaults if exists624[[ -f "${SDCARD}"/usr/share/doc/avahi-daemon/examples/sftp-ssh.service ]] && \625cp "${SDCARD}"/usr/share/doc/avahi-daemon/examples/sftp-ssh.service "${SDCARD}"/etc/avahi/services/626[[ -f "${SDCARD}"/usr/share/doc/avahi-daemon/examples/ssh.service ]] && \627cp "${SDCARD}"/usr/share/doc/avahi-daemon/examples/ssh.service "${SDCARD}"/etc/avahi/services/628629# nsswitch settings for sane DNS behavior: remove resolve, assure libnss-myhostname support630sed "s/hosts\:.*/hosts: files mymachines dns myhostname/g" -i "${SDCARD}"/etc/nsswitch.conf631632# build logo in any case633boot_logo634635# disable MOTD for first boot - we want as clean 1st run as possible636chmod -x "${SDCARD}"/etc/update-motd.d/*637638}639640install_rclocal()641{642643if [[ $BURN_IMAGE == yes ]]; then644645cat <<-EOF > "${SDCARD}"/etc/rc.local646#!/bin/sh -e647#648# rc.local649#650# This script is executed at the end of each multiuser runlevel.651# Make sure that the script will "exit 0" on success or any other652# value on error.653#654# In order to enable or disable this script just change the execution655# bits.656#657# By default this script does nothing.658659burn_to_emmc660661exit 0662EOF663664else665666cat <<-EOF > "${SDCARD}"/etc/rc.local667#!/bin/sh -e668#669# rc.local670#671# This script is executed at the end of each multiuser runlevel.672# Make sure that the script will "exit 0" on success or any other673# value on error.674#675# In order to enable or disable this script just change the execution676# bits.677#678# By default this script does nothing.679680exit 0681EOF682683fi684chmod +x "${SDCARD}"/etc/rc.local685686}687688install_distribution_specific()689{690691display_alert "Applying distribution specific tweaks for" "$RELEASE" "info"692693case $RELEASE in694695xenial)696697# remove legal info from Ubuntu698[[ -f "${SDCARD}"/etc/legal ]] && rm "${SDCARD}"/etc/legal699700# ureadahead needs kernel tracing options that AFAIK are present only in mainline. disable701chroot "${SDCARD}" /bin/bash -c \702"systemctl --no-reload mask ondemand.service ureadahead.service >/dev/null 2>&1"703chroot "${SDCARD}" /bin/bash -c \704"systemctl --no-reload mask setserial.service etc-setserial.service >/dev/null 2>&1"705706;;707708stretch|buster|sid)709710# remove doubled uname from motd711[[ -f "${SDCARD}"/etc/update-motd.d/10-uname ]] && rm "${SDCARD}"/etc/update-motd.d/10-uname712# rc.local is not existing but one might need it713install_rclocal714715;;716717bullseye)718719# remove doubled uname from motd720[[ -f "${SDCARD}"/etc/update-motd.d/10-uname ]] && rm "${SDCARD}"/etc/update-motd.d/10-uname721# rc.local is not existing but one might need it722install_rclocal723# fix missing versioning724[[ $(grep -L "VERSION_ID=" "${SDCARD}"/etc/os-release) ]] && echo 'VERSION_ID="11"' >> "${SDCARD}"/etc/os-release725[[ $(grep -L "VERSION=" "${SDCARD}"/etc/os-release) ]] && echo 'VERSION="11 (bullseye)"' >> "${SDCARD}"/etc/os-release726727728;;729730bookworm)731732# remove doubled uname from motd733[[ -f "${SDCARD}"/etc/update-motd.d/10-uname ]] && rm "${SDCARD}"/etc/update-motd.d/10-uname734# rc.local is not existing but one might need it735install_rclocal736# fix missing versioning737[[ $(grep -L "VERSION_ID=" "${SDCARD}"/etc/os-release) ]] && echo 'VERSION_ID="12"' >> "${SDCARD}"/etc/os-release738[[ $(grep -L "VERSION=" "${SDCARD}"/etc/os-release) ]] && echo 'VERSION="11 (bookworm)"' >> "${SDCARD}"/etc/os-release739740# remove security updates repository since it does not exists yet741sed '/security/ d' -i "${SDCARD}"/etc/apt/sources.list742743;;744745bionic|focal|hirsute|impish|jammy|noble)746747# by using default lz4 initrd compression leads to corruption, go back to proven method748sed -i "s/^COMPRESS=.*/COMPRESS=gzip/" "${SDCARD}"/etc/initramfs-tools/initramfs.conf749echo -e "\n[Install]\nWantedBy=multi-user.target" >> "${SDCARD}"/lib/systemd/system/lightdm.service750751# cleanup motd services and related files752chroot "${SDCARD}" /bin/bash -c "systemctl disable motd-news.service >/dev/null 2>&1"753chroot "${SDCARD}" /bin/bash -c "systemctl disable motd-news.timer >/dev/null 2>&1"754755rm -f "${SDCARD}"/etc/update-motd.d/{10-uname,10-help-text,50-motd-news,80-esm,80-livepatch,90-updates-available,91-release-upgrade,95-hwe-eol}756757# remove motd news from motd.ubuntu.com758[[ -f "${SDCARD}"/etc/default/motd-news ]] && sed -i "s/^ENABLED=.*/ENABLED=0/" "${SDCARD}"/etc/default/motd-news759760# rc.local is not existing but one might need it761install_rclocal762763if [ -d "${SDCARD}"/etc/NetworkManager ]; then764local RENDERER=NetworkManager765else766local RENDERER=networkd767fi768769# Basic Netplan config. Let NetworkManager/networkd manage all devices on this system770[[ -d "${SDCARD}"/etc/netplan ]] && cat <<-EOF > "${SDCARD}"/etc/netplan/orangepi-default.yaml771network:772version: 2773renderer: $RENDERER774EOF775776# DNS fix777if [ -n "$NAMESERVER" ]; then778sed -i "s/#DNS=.*/DNS=$NAMESERVER/g" "${SDCARD}"/etc/systemd/resolved.conf779fi780781# Journal service adjustements782sed -i "s/#Storage=.*/Storage=volatile/g" "${SDCARD}"/etc/systemd/journald.conf783sed -i "s/#Compress=.*/Compress=yes/g" "${SDCARD}"/etc/systemd/journald.conf784sed -i "s/#RateLimitIntervalSec=.*/RateLimitIntervalSec=30s/g" "${SDCARD}"/etc/systemd/journald.conf785sed -i "s/#RateLimitBurst=.*/RateLimitBurst=10000/g" "${SDCARD}"/etc/systemd/journald.conf786787# Chrony temporal fix https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1878005788sed -i '/DAEMON_OPTS=/s/"-F -1"/"-F 0"/' "${SDCARD}"/etc/default/chrony789790# disable conflicting services791chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload mask ondemand.service >/dev/null 2>&1"792793;;794795esac796797# use list modules INITRAMFS798if [ -f "${EXTER}"/config/modules/"${MODULES_INITRD}" ]; then799display_alert "Use file list modules INITRAMFS" "${MODULES_INITRD}"800sed -i "s/^MODULES=.*/MODULES=list/" "${SDCARD}"/etc/initramfs-tools/initramfs.conf801cat "${EXTER}"/config/modules/"${MODULES_INITRD}" >> "${SDCARD}"/etc/initramfs-tools/modules802fi803}804805806807808post_debootstrap_tweaks()809{810811# remove service start blockers and QEMU binary812rm -f "${SDCARD}"/sbin/initctl "${SDCARD}"/sbin/start-stop-daemon813chroot "${SDCARD}" /bin/bash -c "dpkg-divert --quiet --local --rename --remove /sbin/initctl"814chroot "${SDCARD}" /bin/bash -c "dpkg-divert --quiet --local --rename --remove /sbin/start-stop-daemon"815rm -f "${SDCARD}"/usr/sbin/policy-rc.d "${SDCARD}/usr/bin/${QEMU_BINARY}"816817call_extension_method "post_post_debootstrap_tweaks" "config_post_debootstrap_tweaks" << 'POST_POST_DEBOOTSTRAP_TWEAKS'818*run after removing diversions and qemu with chroot unmounted*819Last chance to touch the `${SDCARD}` filesystem before it is copied to the final media.820It is too late to run any chrooted commands, since the supporting filesystems are already unmounted.821POST_POST_DEBOOTSTRAP_TWEAKS822823}824825on_chroot()826{827if [ "$SETFCAP" != "1" ]; then828export CAPSH_ARG="--drop=cap_setfcap"829fi830831capsh $CAPSH_ARG "--chroot=${ROOTFS_DIR}/" -- -e "$@"832}833export -f on_chroot834835# shellcheck disable=SC2119836run_sub_stage()837{838log "Begin ${SUB_STAGE_DIR}"839#pushd "${SUB_STAGE_DIR}" > /dev/null840cd ${SUB_STAGE_DIR}841842for i in {00..99}; do843if [ -f "${SUB_STAGE_DIR}/${i}-debconf" ]; then844display_alert "Begin ${SUB_STAGE_DIR}/${i}-debconf" "" "info"845on_chroot << EOF846debconf-set-selections <<SELEOF847$(cat "${i}-debconf")848SELEOF849EOF850display_alert "End ${SUB_STAGE_DIR}/${i}-debconf" "" "info"851fi852if [ -f "${SUB_STAGE_DIR}/${i}-packages-nr" ]; then853display_alert "Begin ${SUB_STAGE_DIR}/${i}-packages-nr" "" "info"854PACKAGES="$(sed -f "${EXTER}/packages/raspi/scripts/remove-comments.sed" < "${SUB_STAGE_DIR}/${i}-packages-nr")"855if [ -n "$PACKAGES" ]; then856on_chroot << EOF857apt-get -o Acquire::Retries=3 install --no-install-recommends -y $PACKAGES858EOF859fi860display_alert "End ${SUB_STAGE_DIR}/${i}-packages-nr" "" "info"861fi862if [ -f "${SUB_STAGE_DIR}/${i}-packages" ]; then863display_alert "Begin ${SUB_STAGE_DIR}/${i}-packages" "" "info"864PACKAGES="$(sed -f "${EXTER}/packages/raspi/scripts/remove-comments.sed" < "${SUB_STAGE_DIR}/${i}-packages")"865if [ -n "$PACKAGES" ]; then866on_chroot << EOF867apt-get -o Acquire::Retries=3 install -y $PACKAGES868EOF869fi870display_alert "End ${SUB_STAGE_DIR}/${i}-packages" "" "info"871fi872# if [ -d "${SUB_STAGE_DIR}/${i}-patches" ]; then873# log "Begin ${SUB_STAGE_DIR}/${i}-patches"874# pushd "${STAGE_WORK_DIR}" > /dev/null875# #cd ${STAGE_WORK_DIR}876#877# QUILT_PATCHES="${SUB_STAGE_DIR}/${i}-patches"878# SUB_STAGE_QUILT_PATCH_DIR="$(basename "$SUB_STAGE_DIR")-pc"879# mkdir -p "$STAGE_WORK_DIR/$SUB_STAGE_QUILT_PATCH_DIR"880# ln -snf "$STAGE_WORK_DIR/$SUB_STAGE_QUILT_PATCH_DIR" .pc881# ln -snfv "${ROOTFS_DIR}" ${STAGE_WORK_DIR}/rootfs882# quilt upgrade883# if [ -e "${SUB_STAGE_DIR}/${i}-patches/EDIT" ]; then884# echo "Dropping into bash to edit patches..."885# bash886# fi887# RC=0888# quilt push -a || RC=$?889# case "$RC" in890# 0|2)891# ;;892# *)893# false894# ;;895# esac896# #popd > /dev/null897# cd -898# log "End ${SUB_STAGE_DIR}/${i}-patches"899# fi900if [ -x ${i}-run.sh ]; then901display_alert "Begin ${SUB_STAGE_DIR}/${i}-run.sh" "" "info"902./${i}-run.sh903display_alert "End ${SUB_STAGE_DIR}/${i}-run.sh" "" "info"904fi905if [ -f ${i}-run-chroot.sh ]; then906display_alert "Begin ${SUB_STAGE_DIR}/${i}-run-chroot.sh" "" "info"907on_chroot < ${i}-run-chroot.sh908display_alert "End ${SUB_STAGE_DIR}/${i}-run-chroot.sh" "" "info"909fi910done911#popd > /dev/null912log "End ${SUB_STAGE_DIR}"913}914915run_stage(){916rm -rf "${SRC}"/output/raspi917[[ ! -d "${SRC}"/output/raspi ]] && mkdir -p "${SRC}"/output/raspi918919STAGE_WORK_DIR="${SRC}/output/raspi"920921if [ ! -f ${STAGE_DIR}/SKIP ]; then922if [ -x ${STAGE_DIR}/prerun.sh ]; then923display_alert "Begin ${STAGE_DIR}/prerun.sh" "" "info"924source ${STAGE_DIR}/prerun.sh925display_alert "End ${STAGE_DIR}/prerun.sh" "" "info"926fi927928for SUB_STAGE_DIR in "${STAGE_DIR}"/*; do929if [ -d "${SUB_STAGE_DIR}" ] && [ ! -f "${SUB_STAGE_DIR}/SKIP" ]; then930run_sub_stage931fi932done933fi934}935936log ()937{938date +"[%T] $*"939}940941install_opi_specific()942{943cd $SRC944945# install u-boot946UBOOT_VER=$(dpkg --info "${DEB_STORAGE}/u-boot/${CHOSEN_UBOOT}_${REVISION}_${ARCH}.deb" | grep Descr | awk '{print $(NF)}')947install_deb_chroot "${DEB_STORAGE}/u-boot/${CHOSEN_UBOOT}_${REVISION}_${ARCH}.deb"948949# install kernel950VER=$(dpkg --info "${DEB_STORAGE}/${CHOSEN_KERNEL}_${REVISION}_${ARCH}.deb" | awk -F"-" '/Source:/{print $2}')951install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KERNEL}_${REVISION}_${ARCH}.deb"952if [[ -f ${DEB_STORAGE}/${CHOSEN_KERNEL/image/dtb}_${REVISION}_${ARCH}.deb ]]; then953install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KERNEL/image/dtb}_${REVISION}_${ARCH}.deb"954fi955if [[ $INSTALL_HEADERS == yes ]]; then956install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KERNEL/image/headers}_${REVISION}_${ARCH}.deb"957else958cp "${DEB_STORAGE}/${CHOSEN_KERNEL/image/headers}_${REVISION}_${ARCH}.deb" "${SDCARD}"/opt/959fi960961dpkg_install_deb_chroot "$EXTER/packages/raspi/orangepi/debs/raspi-config_20230214_all.deb"962963case ${BOARDFAMILY} in964"rockchip-rk356x")965rk35xx_gpu_vpu_tweaks966esac967968[[ ! -d "${SDCARD}/lib/firmware" ]] && mkdir -p "${SDCARD}/lib/firmware"969cp -rfa ${EXTER}/cache/sources/orangepi-firmware-git/* ${SDCARD}/lib/firmware/970971# NOTE: this needs to be executed before family_tweaks972local bootscript_src=${BOOTSCRIPT%%:*}973local bootscript_dst=${BOOTSCRIPT##*:}974975if [[ "${BOOTCONFIG}" != "none" ]]; then976if [ -f "${USERPATCHES_PATH}/bootscripts/${bootscript_src}" ]; then977cp "${USERPATCHES_PATH}/bootscripts/${bootscript_src}" "${SDCARD}/boot/${bootscript_dst}"978else979cp "${EXTER}/config/bootscripts/${bootscript_src}" "${SDCARD}/boot/${bootscript_dst}"980fi981fi982983if [[ -n $BOOTENV_FILE ]]; then984if [[ -f $USERPATCHES_PATH/bootenv/$BOOTENV_FILE ]]; then985cp "$USERPATCHES_PATH/bootenv/${BOOTENV_FILE}" "${SDCARD}"/boot/orangepiEnv.txt986elif [[ -f $EXTER/config/bootenv/$BOOTENV_FILE ]]; then987cp "${EXTER}/config/bootenv/${BOOTENV_FILE}" "${SDCARD}"/boot/orangepiEnv.txt988fi989fi990991[[ -n $OVERLAY_PREFIX && -f "${SDCARD}"/boot/orangepiEnv.txt && ($BRANCH =~ current|next || $BOARDFAMILY =~ "rockchip-rk3588"|"rockchip-rk356x") ]] && \992echo "overlay_prefix=$OVERLAY_PREFIX" >> "${SDCARD}"/boot/orangepiEnv.txt993994[[ -n $DEFAULT_OVERLAYS && -f "${SDCARD}"/boot/orangepiEnv.txt && ($BRANCH =~ current|next || $BOARDFAMILY =~ "rockchip-rk3588"|"rockchip-rk356x") ]] && \995echo "overlays=${DEFAULT_OVERLAYS//,/ }" >> "${SDCARD}"/boot/orangepiEnv.txt996997[[ -n $BOOT_FDT_FILE && -f "${SDCARD}"/boot/orangepiEnv.txt ]] && \998echo "fdtfile=${BOOT_FDT_FILE}" >> "${SDCARD}/boot/orangepiEnv.txt"9991000# install initial asound.state if defined1001mkdir -p "${SDCARD}"/var/lib/alsa/1002[[ -n $ASOUND_STATE ]] && cp "${EXTER}/packages/blobs/asound.state/${ASOUND_STATE}" "${SDCARD}"/var/lib/alsa/asound.state10031004# create modules file1005local modules=MODULES_${BRANCH^^}1006if [[ -n "${!modules}" ]]; then1007tr ' ' '\n' <<< "${!modules}" > "${SDCARD}"/etc/modules1008elif [[ -n "${MODULES}" ]]; then1009tr ' ' '\n' <<< "${MODULES}" > "${SDCARD}"/etc/modules1010fi10111012# create blacklist files1013local blacklist=MODULES_BLACKLIST_${BRANCH^^}1014if [[ -n "${!blacklist}" ]]; then1015tr ' ' '\n' <<< "${!blacklist}" | sed -e 's/^/blacklist /' > "${SDCARD}/etc/modprobe.d/blacklist-${BOARD}.conf"1016elif [[ -n "${MODULES_BLACKLIST}" ]]; then1017tr ' ' '\n' <<< "${MODULES_BLACKLIST}" | sed -e 's/^/blacklist /' > "${SDCARD}/etc/modprobe.d/blacklist-${BOARD}.conf"1018fi10191020cat <<-EOF > "${SDCARD}"/etc/orangepi-release1021# PLEASE DO NOT EDIT THIS FILE1022BOARD=${BOARD}1023BOARD_NAME="$BOARD_NAME"1024BOARDFAMILY=${BOARDFAMILY}1025BUILD_REPOSITORY_URL=${BUILD_REPOSITORY_URL}1026BUILD_REPOSITORY_COMMIT=${BUILD_REPOSITORY_COMMIT}1027DISTRIBUTION_CODENAME=${RELEASE}1028DISTRIBUTION_STATUS=${DISTRIBUTION_STATUS}1029VERSION=${REVISION}1030LINUXFAMILY=${LINUXFAMILY}1031ARCH=${ARCHITECTURE}1032IMAGE_TYPE=$IMAGE_TYPE1033BOARD_TYPE=$BOARD_TYPE1034INITRD_ARCH=${INITRD_ARCH}1035KERNEL_IMAGE_TYPE=${KERNEL_IMAGE_TYPE}1036BRANCH=${BRANCH}1037EOF10381039install -d "${SDCARD}/etc/initramfs/post-update.d/"1040install -m 755 "${EXTER}/packages/bsp/common/etc/initramfs/post-update.d/99-uboot" "${SDCARD}/etc/initramfs/post-update.d/"10411042install -m 755 "${EXTER}/packages/raspi/orangepi/common/files/hciattach_opi" "${SDCARD}/usr/bin/"1043install -m 755 "${EXTER}/packages/raspi/orangepi/common/files/brcm_patchram_plus" "${SDCARD}/usr/bin/"10441045install -d "${SDCARD}/usr/lib/orangepi/"1046install -m 755 "${EXTER}/packages/raspi/orangepi/common/files/orangepi-hardware-optimization" "${SDCARD}/usr/lib/orangepi/"1047install -m 755 "${EXTER}/packages/raspi/orangepi/common/files/orangepi-hardware-optimize.service" "${SDCARD}/usr/lib/systemd/system/"1048chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-hardware-optimize.service >/dev/null 2>&1"10491050install_wiringop10511052rm $SDCARD/root/*.deb >/dev/null 2>&11053}10541055install_raspi_specific()1056{1057export TARGET_HOSTNAME=${TARGET_HOSTNAME:-raspberrypi}1058export FIRST_USER_NAME=${FIRST_USER_NAME:-pi}1059export FIRST_USER_PASS1060export DISABLE_FIRST_BOOT_USER_RENAME=${DISABLE_FIRST_BOOT_USER_RENAME:-0}1061export WPA_ESSID1062export WPA_PASSWORD1063export WPA_COUNTRY1064export ENABLE_SSH="${ENABLE_SSH:-0}"1065export PUBKEY_ONLY_SSH="${PUBKEY_ONLY_SSH:-0}"10661067export LOCALE_DEFAULT="${LOCALE_DEFAULT:-en_GB.UTF-8}"10681069export KEYBOARD_KEYMAP="${KEYBOARD_KEYMAP:-gb}"1070export KEYBOARD_LAYOUT="${KEYBOARD_LAYOUT:-English (UK)}"10711072export TIMEZONE_DEFAULT="${TIMEZONE_DEFAULT:-Europe/London}"10731074export PUBKEY_SSH_FIRST_USER10751076export APT_PROXY10771078export STAGE1079export STAGE_DIR1080export STAGE_WORK_DIR1081export PREV_STAGE1082export PREV_STAGE_DIR1083export ROOTFS_DIR=${SDCARD}1084export PREV_ROOTFS_DIR1085export IMG_SUFFIX1086export NOOBS_NAME1087export NOOBS_DESCRIPTION1088export EXPORT_DIR1089export EXPORT_ROOTFS_DIR10901091export QUILT_PATCHES1092export QUILT_NO_DIFF_INDEX=11093export QUILT_NO_DIFF_TIMESTAMPS=11094export QUILT_REFRESH_ARGS="-p ab"10951096#check username is valid1097if [[ ! "$FIRST_USER_NAME" =~ ^[a-z][-a-z0-9_]*$ ]]; then1098echo "Invalid FIRST_USER_NAME: $FIRST_USER_NAME"1099exit 11100fi11011102if [[ "$DISABLE_FIRST_BOOT_USER_RENAME" == "1" ]] && [ -z "${FIRST_USER_PASS}" ]; then1103echo "To disable user rename on first boot, FIRST_USER_PASS needs to be set"1104echo "Not setting FIRST_USER_PASS makes your system vulnerable and open to cyberattacks"1105exit 11106fi11071108if [[ "$DISABLE_FIRST_BOOT_USER_RENAME" == "1" ]]; then1109echo "User rename on the first boot is disabled"1110echo "Be advised of the security risks linked to shipping a device with default username/password set."1111fi11121113if [[ -n "${APT_PROXY}" ]] && ! curl --silent "${APT_PROXY}" >/dev/null ; then1114echo "Could not reach APT_PROXY server: ${APT_PROXY}"1115exit 11116fi11171118if [[ -n "${WPA_PASSWORD}" && ${#WPA_PASSWORD} -lt 8 || ${#WPA_PASSWORD} -gt 63 ]] ; then1119echo "WPA_PASSWORD" must be between 8 and 63 characters1120exit 11121fi11221123if [[ "${PUBKEY_ONLY_SSH}" = "1" && -z "${PUBKEY_SSH_FIRST_USER}" ]]; then1124echo "Must set 'PUBKEY_SSH_FIRST_USER' to a valid SSH public key if using PUBKEY_ONLY_SSH"1125exit 11126fi11271128RASPI_DIR="${EXTER}/packages/raspi"11291130if [[ ${BUILD_DESKTOP} == "yes" ]]; then1131rm -r ${RASPI_DIR}/stage3/SKIP ${RASPI_DIR}/stage4/SKIP ${RASPI_DIR}/stage5/SKIP 2>/dev/null1132touch ${RASPI_DIR}/stage5/SKIP1133else1134rm -r ${RASPI_DIR}/stage1/SKIP ${RASPI_DIR}/stage2/SKIP 2>/dev/null1135touch ${RASPI_DIR}/stage3/SKIP ${RASPI_DIR}/stage4/SKIP ${RASPI_DIR}/stage5/SKIP1136export FIRST_USER_PASS="pi"1137fi11381139STAGE_LIST=${RASPI_DIR}/stage*11401141for STAGE_DIR in $STAGE_LIST; do1142STAGE_DIR=$(realpath "${STAGE_DIR}")1143run_stage1144done11451146STAGE_DIR=${RASPI_DIR}/export-image1147run_stage11481149rm -rf ${SDCARD}/boot/*1150rm -rf ${SDCARD}/lib/firmware1151rm -rf ${SDCARD}/lib/modules/*1152}115311541155