Path: blob/next/scripts/distributions.sh
22162 views
#!/bin/bash1#2# Copyright (c) 2013-2021 Igor Pecovnik, igor.pecovnik@gma**.com3#4# This file is licensed under the terms of the GNU General Public5# License version 2. This program is licensed "as is" without any6# warranty of any kind, whether express or implied.789# Functions:1011# install_common12# install_rclocal13# install_distribution_specific14# post_debootstrap_tweaks1516171819install_common()20{21display_alert "Applying common tweaks" "" "info"2223# install rootfs encryption related packages separate to not break packages cache24if [[ $CRYPTROOT_ENABLE == yes ]]; then25display_alert "Installing rootfs encryption related packages" "cryptsetup" "info"26chroot "${SDCARD}" /bin/bash -c "apt-get -y -qq --no-install-recommends install cryptsetup" \27>> "${DEST}"/${LOG_SUBPATH}/install.log 2>&128if [[ $CRYPTROOT_SSH_UNLOCK == yes ]]; then29display_alert "Installing rootfs encryption related packages" "dropbear-initramfs" "info"30chroot "${SDCARD}" /bin/bash -c "apt-get -y -qq --no-install-recommends install dropbear-initramfs cryptsetup-initramfs" \31>> "${DEST}"/${LOG_SUBPATH}/install.log 2>&132fi3334fi3536# add dummy fstab entry to make mkinitramfs happy37echo "/dev/mmcblk0p1 / $ROOTFS_TYPE defaults 0 1" >> "${SDCARD}"/etc/fstab38# required for initramfs-tools-core on Stretch since it ignores the / fstab entry39echo "/dev/mmcblk0p2 /usr $ROOTFS_TYPE defaults 0 2" >> "${SDCARD}"/etc/fstab4041# adjust initramfs dropbear configuration42# needs to be done before kernel installation, else it won't be in the initrd image43if [[ $CRYPTROOT_ENABLE == yes && $CRYPTROOT_SSH_UNLOCK == yes ]]; then44# Set the port of the dropbear ssh daemon in the initramfs to a different one if configured45# this avoids the typical 'host key changed warning' - `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!`46[[ -f "${SDCARD}"/etc/dropbear-initramfs/config ]] && \47sed -i 's/^#DROPBEAR_OPTIONS=/DROPBEAR_OPTIONS="-p '"${CRYPTROOT_SSH_UNLOCK_PORT}"'"/' \48"${SDCARD}"/etc/dropbear-initramfs/config4950# setup dropbear authorized_keys, either provided by userpatches or generated51if [[ -f $USERPATCHES_PATH/dropbear_authorized_keys ]]; then52cp "$USERPATCHES_PATH"/dropbear_authorized_keys "${SDCARD}"/etc/dropbear-initramfs/authorized_keys53else54# generate a default ssh key for login on dropbear in initramfs55# this key should be changed by the user on first login56display_alert "Generating a new SSH key pair for dropbear (initramfs)" "" ""57ssh-keygen -t ecdsa -f "${SDCARD}"/etc/dropbear-initramfs/id_ecdsa \58-N '' -O force-command=cryptroot-unlock -C 'AUTOGENERATED_BY_ARMBIAN_BUILD' >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&15960# /usr/share/initramfs-tools/hooks/dropbear will automatically add 'id_ecdsa.pub' to authorized_keys file61# during mkinitramfs of update-initramfs62#cat "${SDCARD}"/etc/dropbear-initramfs/id_ecdsa.pub > "${SDCARD}"/etc/dropbear-initramfs/authorized_keys63# The version of the Linux kernel64CRYPTROOT_SSH_UNLOCK_KEY_NAME="${BOARD^}_${REVISION}_${DISTRIBUTION,}_${RELEASE}_${SELECTED_CONFIGURATION}_linux"$(grab_version "$LINUXSOURCEDIR")"".key65# copy dropbear ssh key to image output dir for convenience66cp "${SDCARD}"/etc/dropbear-initramfs/id_ecdsa "${DEST}/images/${CRYPTROOT_SSH_UNLOCK_KEY_NAME}"67display_alert "SSH private key for dropbear (initramfs) has been copied to:" \68"$DEST/images/$CRYPTROOT_SSH_UNLOCK_KEY_NAME" "info"69fi70fi7172# create modules file73local modules=MODULES_${BRANCH^^}74if [[ -n "${!modules}" ]]; then75tr ' ' '\n' <<< "${!modules}" > "${SDCARD}"/etc/modules76elif [[ -n "${MODULES}" ]]; then77tr ' ' '\n' <<< "${MODULES}" > "${SDCARD}"/etc/modules78fi7980# create blacklist files81local blacklist=MODULES_BLACKLIST_${BRANCH^^}82if [[ -n "${!blacklist}" ]]; then83tr ' ' '\n' <<< "${!blacklist}" | sed -e 's/^/blacklist /' > "${SDCARD}/etc/modprobe.d/blacklist-${BOARD}.conf"84elif [[ -n "${MODULES_BLACKLIST}" ]]; then85tr ' ' '\n' <<< "${MODULES_BLACKLIST}" | sed -e 's/^/blacklist /' > "${SDCARD}/etc/modprobe.d/blacklist-${BOARD}.conf"86fi8788# configure MIN / MAX speed for cpufrequtils89cat <<-EOF > "${SDCARD}"/etc/default/cpufrequtils90ENABLE=true91MIN_SPEED=$CPUMIN92MAX_SPEED=$CPUMAX93GOVERNOR=$GOVERNOR94EOF9596# remove default interfaces file if present97# before installing board support package98rm -f "${SDCARD}"/etc/network/interfaces99100# disable selinux by default101mkdir -p "${SDCARD}"/selinux102[[ -f "${SDCARD}"/etc/selinux/config ]] && sed "s/^SELINUX=.*/SELINUX=disabled/" -i "${SDCARD}"/etc/selinux/config103104# remove Ubuntu's legal text105[[ -f "${SDCARD}"/etc/legal ]] && rm "${SDCARD}"/etc/legal106107# Prevent loading paralel printer port drivers which we don't need here.108# Suppress boot error if kernel modules are absent109if [[ -f "${SDCARD}"/etc/modules-load.d/cups-filters.conf ]]; then110sed "s/^lp/#lp/" -i "${SDCARD}"/etc/modules-load.d/cups-filters.conf111sed "s/^ppdev/#ppdev/" -i "${SDCARD}"/etc/modules-load.d/cups-filters.conf112sed "s/^parport_pc/#parport_pc/" -i "${SDCARD}"/etc/modules-load.d/cups-filters.conf113fi114115# console fix due to Debian bug116sed -e 's/CHARMAP=".*"/CHARMAP="'$CONSOLE_CHAR'"/g' -i "${SDCARD}"/etc/default/console-setup117118# add the /dev/urandom path to the rng config file119echo "HRNGDEVICE=/dev/urandom" >> "${SDCARD}"/etc/default/rng-tools120121# ping needs privileged action to be able to create raw network socket122# this is working properly but not with (at least) Debian Buster123chroot "${SDCARD}" /bin/bash -c "chmod u+s /bin/ping"124125# change time zone data126echo "${TZDATA}" > "${SDCARD}"/etc/timezone127chroot "${SDCARD}" /bin/bash -c "dpkg-reconfigure -f noninteractive tzdata >/dev/null 2>&1"128129# set root password130chroot "${SDCARD}" /bin/bash -c "(echo $ROOTPWD;echo $ROOTPWD;) | passwd root >/dev/null 2>&1"131132# enable automated login to console(s)133#mkdir -p "${SDCARD}"/etc/systemd/system/[email protected]/134#mkdir -p "${SDCARD}"/etc/systemd/system/[email protected]/135#cat <<-EOF > "${SDCARD}"/etc/systemd/system/[email protected]/override.conf136#[Service]137#ExecStartPre=/bin/sh -c 'exec /bin/sleep 10'138#ExecStart=139#ExecStart=-/sbin/agetty --noissue --autologin root %I \$TERM140#Type=idle141#EOF142#cp "${SDCARD}"/etc/systemd/system/[email protected]/override.conf "${SDCARD}"/etc/systemd/system/[email protected]/override.conf143144# force change root password at first login145#chroot "${SDCARD}" /bin/bash -c "chage -d 0 root"146147# change console welcome text148echo -e "${VENDOR} ${REVISION} ${RELEASE^} \\l \n" > "${SDCARD}"/etc/issue149echo "${VENDOR} ${REVISION} ${RELEASE^}" > "${SDCARD}"/etc/issue.net150sed -i "s/^PRETTY_NAME=.*/PRETTY_NAME=\"${VENDOR} $REVISION "${RELEASE^}"\"/" "${SDCARD}"/etc/os-release151152# enable few bash aliases enabled in Ubuntu by default to make it even153sed "s/#alias ll='ls -l'/alias ll='ls -l'/" -i "${SDCARD}"/etc/skel/.bashrc154sed "s/#alias la='ls -A'/alias la='ls -A'/" -i "${SDCARD}"/etc/skel/.bashrc155sed "s/#alias l='ls -CF'/alias l='ls -CF'/" -i "${SDCARD}"/etc/skel/.bashrc156# root user is already there. Copy bashrc there as well157cp "${SDCARD}"/etc/skel/.bashrc "${SDCARD}"/root158159# display welcome message at first root login160touch "${SDCARD}"/root/.not_logged_in_yet161162if [[ ${DESKTOP_AUTOLOGIN} != no ]]; then163# set desktop autologin164touch "${SDCARD}"/root/.desktop_autologin165fi166167# NOTE: this needs to be executed before family_tweaks168local bootscript_src=${BOOTSCRIPT%%:*}169local bootscript_dst=${BOOTSCRIPT##*:}170local bootdir=$([[ "$BOOTFS_TYPE" == "fat" ]] || echo "/boot")171172# create extlinux config file173if [[ $SRC_EXTLINUX == yes ]]; then174mkdir -p $SDCARD/boot/extlinux175cat <<-EOF > "$SDCARD/boot/extlinux/extlinux.conf"176label ${VENDOR}177kernel $bootdir/$NAME_KERNEL178initrd $bootdir/$NAME_INITRD179EOF180if [[ -n $BOOT_FDT_FILE ]]; then181if [[ $BOOT_FDT_FILE != "none" ]]; then182echo " fdt $bootdir/dtb/$BOOT_FDT_FILE" >> "$SDCARD/boot/extlinux/extlinux.conf"183fi184else185echo " fdtdir $bootdir/dtb/" >> "$SDCARD/boot/extlinux/extlinux.conf"186fi187else188189if [[ "${BOOTCONFIG}" != "none" ]]; then190if [ -f "${USERPATCHES_PATH}/bootscripts/${bootscript_src}" ]; then191cp "${USERPATCHES_PATH}/bootscripts/${bootscript_src}" "${SDCARD}/boot/${bootscript_dst}"192else193cp "${EXTER}/config/bootscripts/${bootscript_src}" "${SDCARD}/boot/${bootscript_dst}"194fi195fi196197if [[ -n $BOOTENV_FILE ]]; then198if [[ -f $USERPATCHES_PATH/bootenv/$BOOTENV_FILE ]]; then199cp "$USERPATCHES_PATH/bootenv/${BOOTENV_FILE}" "${SDCARD}"/boot/orangepiEnv.txt200elif [[ -f $EXTER/config/bootenv/$BOOTENV_FILE ]]; then201cp "${EXTER}/config/bootenv/${BOOTENV_FILE}" "${SDCARD}"/boot/orangepiEnv.txt202fi203fi204205# TODO: modify $bootscript_dst or orangepiEnv.txt to make NFS boot universal206# instead of copying sunxi-specific template207if [[ $ROOTFS_TYPE == nfs ]]; then208display_alert "Copying NFS boot script template"209if [[ -f $USERPATCHES_PATH/nfs-boot.cmd ]]; then210cp "$USERPATCHES_PATH"/nfs-boot.cmd "${SDCARD}"/boot/boot.cmd211else212cp "${EXTER}"/config/templates/nfs-boot.cmd.template "${SDCARD}"/boot/boot.cmd213fi214fi215216[[ -n $OVERLAY_PREFIX && -f "${SDCARD}"/boot/orangepiEnv.txt && ($BRANCH =~ current|next || $BOARDFAMILY =~ "rockchip-rk3588"|"rockchip-rk356x") ]] && \217echo "overlay_prefix=$OVERLAY_PREFIX" >> "${SDCARD}"/boot/orangepiEnv.txt218219[[ -n $DEFAULT_OVERLAYS && -f "${SDCARD}"/boot/orangepiEnv.txt && ($BRANCH =~ current|next || $BOARDFAMILY =~ "rockchip-rk3588"|"rockchip-rk356x") ]] && \220echo "overlays=${DEFAULT_OVERLAYS//,/ }" >> "${SDCARD}"/boot/orangepiEnv.txt221222[[ -n $BOOT_FDT_FILE && -f "${SDCARD}"/boot/orangepiEnv.txt ]] && \223echo "fdtfile=${BOOT_FDT_FILE}" >> "${SDCARD}/boot/orangepiEnv.txt"224225fi226227# initial date for fake-hwclock228date -u '+%Y-%m-%d %H:%M:%S' > "${SDCARD}"/etc/fake-hwclock.data229230echo "${HOST}" > "${SDCARD}"/etc/hostname231232# set hostname in hosts file233cat <<-EOF > "${SDCARD}"/etc/hosts234127.0.0.1 localhost235127.0.1.1 $HOST236::1 localhost $HOST ip6-localhost ip6-loopback237fe00::0 ip6-localnet238ff00::0 ip6-mcastprefix239ff02::1 ip6-allnodes240ff02::2 ip6-allrouters241EOF242243cd $SRC244245# Prepare and export caching-related params common to all apt calls below, to maximize apt-cacher-ng usage246export APT_EXTRA_DIST_PARAMS=""247[[ $NO_APT_CACHER != yes ]] && APT_EXTRA_DIST_PARAMS="-o Acquire::http::Proxy=\"http://${APT_PROXY_ADDR:-localhost:3142}\" -o Acquire::http::Proxy::localhost=\"DIRECT\""248249display_alert "Cleaning" "package lists"250chroot "${SDCARD}" /bin/bash -c "apt-get clean"251252display_alert "Updating" "package lists"253chroot "${SDCARD}" /bin/bash -c "apt-get ${APT_EXTRA_DIST_PARAMS} update" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1254255display_alert "Temporarily disabling" "initramfs-tools hook for kernel"256chroot "${SDCARD}" /bin/bash -c "chmod -v -x /etc/kernel/postinst.d/initramfs-tools" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1257258# install family packages259if [[ -n ${PACKAGE_LIST_FAMILY} ]]; then260display_alert "Installing PACKAGE_LIST_FAMILY packages" "${PACKAGE_LIST_FAMILY}"261chroot "${SDCARD}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get ${APT_EXTRA_DIST_PARAMS} -yqq --no-install-recommends install $PACKAGE_LIST_FAMILY" >> "${DEST}"/${LOG_SUBPATH}/install.log262fi263264# install board packages265if [[ -n ${PACKAGE_LIST_BOARD} ]]; then266display_alert "Installing PACKAGE_LIST_BOARD packages" "${PACKAGE_LIST_BOARD}"267chroot "${SDCARD}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get ${APT_EXTRA_DIST_PARAMS} -yqq --no-install-recommends install $PACKAGE_LIST_BOARD" >> "${DEST}"/${LOG_SUBPATH}/install.log || { display_alert "Failed to install PACKAGE_LIST_BOARD" "${PACKAGE_LIST_BOARD}" "err"; exit 2; }268fi269270# remove family packages271if [[ -n ${PACKAGE_LIST_FAMILY_REMOVE} ]]; then272display_alert "Removing PACKAGE_LIST_FAMILY_REMOVE packages" "${PACKAGE_LIST_FAMILY_REMOVE}"273chroot "${SDCARD}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get ${APT_EXTRA_DIST_PARAMS} -yqq remove --auto-remove $PACKAGE_LIST_FAMILY_REMOVE" >> "${DEST}"/${LOG_SUBPATH}/install.log274fi275276# remove board packages277if [[ -n ${PACKAGE_LIST_BOARD_REMOVE} ]]; then278display_alert "Removing PACKAGE_LIST_BOARD_REMOVE packages" "${PACKAGE_LIST_BOARD_REMOVE}"279for PKG_REMOVE in ${PACKAGE_LIST_BOARD_REMOVE}; do280chroot "${SDCARD}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get ${APT_EXTRA_DIST_PARAMS} -yqq remove --auto-remove ${PKG_REMOVE}" >> "${DEST}"/${LOG_SUBPATH}/install.log281done282fi283284# install u-boot285# @TODO: add install_bootloader() extension method, refactor into u-boot extension286[[ "${BOOTCONFIG}" != "none" ]] && {287if [[ "${REPOSITORY_INSTALL}" != *u-boot* ]]; then288UBOOT_VER=$(dpkg --info "${DEB_STORAGE}/u-boot/${CHOSEN_UBOOT}_${REVISION}_${ARCH}.deb" | grep Descr | awk '{print $(NF)}')289install_deb_chroot "${DEB_STORAGE}/u-boot/${CHOSEN_UBOOT}_${REVISION}_${ARCH}.deb"290else291UBOOT_VER=$(dpkg --info "${DEB_ORANGEPI}/u-boot/${CHOSEN_UBOOT}_${REVISION}_${ARCH}.deb" | grep Descr | awk '{print $(NF)}')292install_deb_chroot "${DEB_ORANGEPI}/u-boot/${CHOSEN_UBOOT}_${REVISION}_${ARCH}.deb" "orangepi"293fi294}295296call_extension_method "pre_install_kernel_debs" << 'PRE_INSTALL_KERNEL_DEBS'297*called before installing the Armbian-built kernel deb packages*298It is not too late to `unset KERNELSOURCE` here and avoid kernel install.299PRE_INSTALL_KERNEL_DEBS300301# install kernel302[[ -n $KERNELSOURCE ]] && {303if [[ "${REPOSITORY_INSTALL}" != *kernel* ]]; then304VER=$(dpkg --info "${DEB_STORAGE}/${CHOSEN_KERNEL}_${REVISION}_${ARCH}.deb" | awk -F"-" '/Source:/{print $2}')305306install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KERNEL}_${REVISION}_${ARCH}.deb"307if [[ -f ${DEB_STORAGE}/${CHOSEN_KERNEL/image/dtb}_${REVISION}_${ARCH}.deb ]]; then308install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KERNEL/image/dtb}_${REVISION}_${ARCH}.deb"309fi310if [[ $INSTALL_HEADERS == yes ]]; then311install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KERNEL/image/headers}_${REVISION}_${ARCH}.deb"312else313cp "${DEB_STORAGE}/${CHOSEN_KERNEL/image/headers}_${REVISION}_${ARCH}.deb" "${SDCARD}"/opt/314fi315else316VER=$(dpkg --info "${DEB_ORANGEPI}/${CHOSEN_KERNEL}_${REVISION}_${ARCH}.deb" | grep Descr | awk '{print $(NF)}')317VER="${VER/-$LINUXFAMILY/}"318319install_deb_chroot "${DEB_ORANGEPI}/${CHOSEN_KERNEL}_${REVISION}_${ARCH}.deb" "orangepi"320321if [[ -f ${DEB_ORANGEPI}/${CHOSEN_KERNEL/image/dtb}_${REVISION}_${ARCH}.deb ]]; then322install_deb_chroot "${DEB_ORANGEPI}/${CHOSEN_KERNEL/image/dtb}_${REVISION}_${ARCH}.deb" "orangepi"323fi324325if [[ $INSTALL_HEADERS == yes ]]; then326install_deb_chroot "${DEB_ORANGEPI}/${CHOSEN_KERNEL/image/headers}_${REVISION}_${ARCH}.deb" "orangepi"327fi328fi329}330331call_extension_method "post_install_kernel_debs" << 'POST_INSTALL_KERNEL_DEBS'332*allow config to do more with the installed kernel/headers*333Called after packages, u-boot, kernel and headers installed in the chroot, but before the BSP is installed.334If `KERNELSOURCE` is (still?) unset after this, Armbian-built firmware will not be installed.335POST_INSTALL_KERNEL_DEBS336337# install board support packages338if [[ "${REPOSITORY_INSTALL}" != *bsp* ]]; then339install_deb_chroot "${DEB_STORAGE}/$RELEASE/${BSP_CLI_PACKAGE_FULLNAME}.deb"340else341install_deb_chroot "${DEB_ORANGEPI}/$RELEASE/${CHOSEN_ROOTFS}_${BSP_CLI_PACKAGE_FULLNAME}.deb" "orangepi"342fi343344# install orangepi-desktop345if [[ "${REPOSITORY_INSTALL}" != *orangepi-desktop* ]]; then346if [[ $BUILD_DESKTOP == yes ]]; then347install_deb_chroot "${DEB_STORAGE}/${RELEASE}/${CHOSEN_DESKTOP}_${REVISION}_all.deb"348install_deb_chroot "${DEB_STORAGE}/${RELEASE}/${BSP_DESKTOP_PACKAGE_FULLNAME}.deb"349# install display manager and PACKAGE_LIST_DESKTOP_FULL packages if enabled per board350desktop_postinstall351fi352else353if [[ $BUILD_DESKTOP == yes ]]; then354install_deb_chroot "${CHOSEN_DESKTOP}" "orangepi"355# install display manager and PACKAGE_LIST_DESKTOP_FULL packages if enabled per board356desktop_postinstall357fi358fi359360# install orangepi-firmware361if [[ "${REPOSITORY_INSTALL}" != *orangepi-firmware* ]]; then362if [[ -f ${DEB_STORAGE}/orangepi-firmware_${REVISION}_all.deb ]]; then363install_deb_chroot "${DEB_STORAGE}/orangepi-firmware_${REVISION}_all.deb"364fi365else366if [[ -f ${DEB_STORAGE}/orangepi-firmware_${REVISION}_all.deb ]]; then367install_deb_chroot "${DEB_ORANGEPI}/orangepi-firmware_${REVISION}_all.deb" "orangepi"368fi369fi370371# install orangepi-config372if [[ "${PACKAGE_LIST_RM}" != *orangepi-config* ]]; then373if [[ "${REPOSITORY_INSTALL}" != *orangepi-config* ]]; then374if [[ $BUILD_MINIMAL != yes ]]; then375install_deb_chroot "${DEB_STORAGE}/orangepi-config_${REVISION}_all.deb"376fi377else378if [[ $BUILD_MINIMAL != yes ]]; then379install_deb_chroot "${DEB_ORANGEPI}/orangepi-config_${REVISION}_all.deb" "orangepi"380fi381fi382fi383384# install orangepi-zsh385if [[ "${PACKAGE_LIST_RM}" != *orangepi-zsh* ]]; then386if [[ "${REPOSITORY_INSTALL}" != *orangepi-zsh* ]]; then387if [[ $BUILD_MINIMAL != yes ]]; then388install_deb_chroot "${DEB_STORAGE}/orangepi-zsh_${REVISION}_all.deb"389fi390else391if [[ $BUILD_MINIMAL != yes ]]; then392install_deb_chroot "orangepi-zsh" "remote"393fi394fi395fi396397# install plymouth-theme-orangepi398if [[ $PLYMOUTH == yes && $BUILD_DESKTOP == yes && $RELEASE != buster ]]; then399if [[ "${REPOSITORY_INSTALL}" != *plymouth-theme-orangepi* ]]; then400install_deb_chroot "${DEB_STORAGE}/orangepi-plymouth-theme_${REVISION}_all.deb"401else402install_deb_chroot "orangepi-plymouth-theme" "remote"403fi404fi405406# install kernel sources407if [[ -f ${DEB_STORAGE}/${CHOSEN_KSRC}_${REVISION}_all.deb && $INSTALL_KSRC == yes ]]; then408install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KSRC}_${REVISION}_all.deb"409elif [[ $INSTALL_KSRC == yes ]]; then410display_alert "Please set BUILD_KSRC=yes to generate the kernel source package" "" "wrn"411fi412413# install wireguard tools414if [[ $WIREGUARD == yes ]]; then415chroot "${SDCARD}" /bin/bash -c "apt-get -y -qq install wireguard-tools --no-install-recommends" >> "${DEST}"/debug/install.log 2>&1416fi417418# freeze orangepi packages419if [[ $BSPFREEZE == yes ]]; then420display_alert "Freezing Orange Pi packages" "$BOARD" "info"421chroot "${SDCARD}" /bin/bash -c "apt-mark hold ${CHOSEN_KERNEL} ${CHOSEN_KERNEL/image/headers} \422linux-u-boot-${BOARD}-${BRANCH} ${CHOSEN_KERNEL/image/dtb}" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1423fi424425# add orangepi user426chroot "${SDCARD}" /bin/bash -c "adduser --quiet --disabled-password --shell /bin/bash --home /home/${OPI_USERNAME} --gecos ${OPI_USERNAME} ${OPI_USERNAME}"427chroot "${SDCARD}" /bin/bash -c "(echo ${OPI_PWD};echo ${OPI_PWD};) | passwd "${OPI_USERNAME}" >/dev/null 2>&1"428for additionalgroup in sudo netdev audio video disk tty users games dialout plugdev input bluetooth systemd-journal ssh docker; do429chroot "${SDCARD}" /bin/bash -c "usermod -aG ${additionalgroup} ${OPI_USERNAME} 2>/dev/null"430done431432# fix for gksu in Xenial433touch ${SDCARD}/home/${OPI_USERNAME}/.Xauthority434chroot "${SDCARD}" /bin/bash -c "chown ${OPI_USERNAME}:${OPI_USERNAME} /home/${OPI_USERNAME}/.Xauthority"435# set up profile sync daemon on desktop systems436chroot "${SDCARD}" /bin/bash -c "which psd >/dev/null 2>&1"437if [ $? -eq 0 ]; then438echo -e "${OPI_USERNAME} ALL=(ALL) NOPASSWD: /usr/bin/psd-overlay-helper" >> ${SDCARD}/etc/sudoers439touch ${SDCARD}/home/${OPI_USERNAME}/.activate_psd440chroot "${SDCARD}" /bin/bash -c "chown $OPI_USERNAME:$OPI_USERNAME /home/${OPI_USERNAME}/.activate_psd"441fi442443# remove deb files444rm -f "${SDCARD}"/root/*.deb445446# copy boot splash images447cp "${EXTER}"/packages/blobs/splash/orangepi-u-boot.bmp "${SDCARD}"/boot/boot.bmp448cp "${EXTER}"/packages/blobs/splash/logo.bmp "${SDCARD}"/boot/logo.bmp449450# copy audio.wav and mute.wav451cp "${EXTER}"/packages/blobs/audio_wav/audio.wav "${SDCARD}"/usr/share/sounds/alsa/452cp "${EXTER}"/packages/blobs/audio_wav/mute.wav "${SDCARD}"/usr/share/sounds/alsa/453454cp "${EXTER}"/packages/blobs/test.mp4 "${SDCARD}"/usr/local/455456# copy watchdog test programm457cp "${EXTER}"/packages/blobs/watchdog/watchdog_test_${ARCH} "${SDCARD}"/usr/local/bin/watchdog_test458459[[ -f "${SDCARD}"/usr/bin/gnome-session ]] && sed -i "s/user-session.*/user-session=ubuntu-wayland/" ${SDCARD}/etc/lightdm/lightdm.conf.d/22-orangepi-autologin.conf > /dev/null 2>&1460[[ -f "${SDCARD}"/usr/bin/startplasma-x11 ]] && sed -i "s/user-session.*/user-session=plasma-x11/" ${SDCARD}/etc/lightdm/lightdm.conf.d/22-orangepi-autologin.conf461462call_extension_method "post_family_tweaks" << 'FAMILY_TWEAKS'463*customize the tweaks made by $LINUXFAMILY-specific family_tweaks*464It is run after packages are installed in the rootfs, but before enabling additional services.465It allows implementors access to the rootfs (`${SDCARD}`) in its pristine state after packages are installed.466FAMILY_TWEAKS467468# enable additional services469chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-firstrun.service >/dev/null 2>&1"470chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-firstrun-config.service >/dev/null 2>&1"471chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-zram-config.service >/dev/null 2>&1"472chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-hardware-optimize.service >/dev/null 2>&1"473chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-ramlog.service >/dev/null 2>&1"474chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-resize-filesystem.service >/dev/null 2>&1"475chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-hardware-monitor.service >/dev/null 2>&1"476477# copy "first run automated config, optional user configured"478cp ${EXTER}/packages/bsp/orangepi_first_run.txt.template "${SDCARD}"/boot/orangepi_first_run.txt.template479480## switch to beta repository at this stage if building nightly images481#[[ $IMAGE_TYPE == nightly ]] \482#&& echo "deb http://beta.orangepi.com $RELEASE main ${RELEASE}-utils ${RELEASE}-desktop" \483#> "${SDCARD}"/etc/apt/sources.list.d/orangepi.list484485# Cosmetic fix [FAILED] Failed to start Set console font and keymap at first boot486[[ -f "${SDCARD}"/etc/console-setup/cached_setup_font.sh ]] \487&& sed -i "s/^printf '.*/printf '\\\033\%\%G'/g" "${SDCARD}"/etc/console-setup/cached_setup_font.sh488[[ -f "${SDCARD}"/etc/console-setup/cached_setup_terminal.sh ]] \489&& sed -i "s/^printf '.*/printf '\\\033\%\%G'/g" "${SDCARD}"/etc/console-setup/cached_setup_terminal.sh490[[ -f "${SDCARD}"/etc/console-setup/cached_setup_keyboard.sh ]] \491&& sed -i "s/-u/-x'/g" "${SDCARD}"/etc/console-setup/cached_setup_keyboard.sh492493# fix for https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1542723494chroot "${SDCARD}" /bin/bash -c "chown root:messagebus /usr/lib/dbus-1.0/dbus-daemon-launch-helper"495chroot "${SDCARD}" /bin/bash -c "chmod u+s /usr/lib/dbus-1.0/dbus-daemon-launch-helper"496497# disable samba NetBIOS over IP name service requests since it hangs when no network is present at boot498chroot "${SDCARD}" /bin/bash -c "systemctl --quiet disable nmbd 2> /dev/null"499500# disable low-level kernel messages for non betas501if [[ -z $BETA ]]; then502sed -i "s/^#kernel.printk*/kernel.printk/" "${SDCARD}"/etc/sysctl.conf503fi504505# disable repeated messages due to xconsole not being installed.506[[ -f "${SDCARD}"/etc/rsyslog.d/50-default.conf ]] && \507sed '/daemon\.\*\;mail.*/,/xconsole/ s/.*/#&/' -i "${SDCARD}"/etc/rsyslog.d/50-default.conf508509# disable deprecated parameter510sed '/.*$KLogPermitNonKernelFacility.*/,// s/.*/#&/' -i "${SDCARD}"/etc/rsyslog.conf511512# enable getty on multiple serial consoles513# and adjust the speed if it is defined and different than 115200514#515# example: SERIALCON="ttyS0:15000000,ttyGS1"516#517ifs=$IFS518for i in $(echo "${SERIALCON:-'ttyS0'}" | sed "s/,/ /g")519do520IFS=':' read -r -a array <<< "$i"521[[ "${array[0]}" == "tty1" ]] && continue # Don't enable tty1 as serial console.522display_alert "Enabling serial console" "${array[0]}" "info"523# add serial console to secure tty list524[ -z "$(grep -w '^${array[0]}' "${SDCARD}"/etc/securetty 2> /dev/null)" ] && \525echo "${array[0]}" >> "${SDCARD}"/etc/securetty526if [[ ${array[1]} != "115200" && -n ${array[1]} ]]; then527# make a copy, fix speed and enable528cp "${SDCARD}"/lib/systemd/system/[email protected] \529"${SDCARD}/lib/systemd/system/serial-getty@${array[0]}.service"530sed -i "s/--keep-baud 115200/--keep-baud ${array[1]},115200/" \531"${SDCARD}/lib/systemd/system/serial-getty@${array[0]}.service"532fi533chroot "${SDCARD}" /bin/bash -c "systemctl daemon-reload" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1534chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable serial-getty@${array[0]}.service" \535>> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1536if [[ "${array[0]}" == "ttyGS0" && $LINUXFAMILY == sun8i && $BRANCH == legacy ]]; then537mkdir -p "${SDCARD}"/etc/systemd/system/[email protected]538cat <<-EOF > "${SDCARD}"/etc/systemd/system/[email protected]/10-switch-role.conf539[Service]540ExecStartPre=-/bin/sh -c "echo 2 > /sys/bus/platform/devices/sunxi_usb_udc/otg_role"541EOF542fi543done544IFS=$ifs545546[[ $LINUXFAMILY == sun*i ]] && mkdir -p "${SDCARD}"/boot/overlay-user547548# to prevent creating swap file on NFS (needs specific kernel options)549# and f2fs/btrfs (not recommended or needs specific kernel options)550[[ $ROOTFS_TYPE != ext4 ]] && touch "${SDCARD}"/var/swap551552# install initial asound.state if defined553mkdir -p "${SDCARD}"/var/lib/alsa/554[[ -n $ASOUND_STATE ]] && cp "${EXTER}/packages/blobs/asound.state/${ASOUND_STATE}" "${SDCARD}"/var/lib/alsa/asound.state555556# save initial orangepi-release state557cp "${SDCARD}"/etc/orangepi-release "${SDCARD}"/etc/orangepi-image-release558559# DNS fix. package resolvconf is not available everywhere560if [ -d /etc/resolvconf/resolv.conf.d ] && [ -n "$NAMESERVER" ]; then561echo "nameserver $NAMESERVER" > "${SDCARD}"/etc/resolvconf/resolv.conf.d/head562fi563564# permit root login via SSH for the first boot565sed -i 's/#\?PermitRootLogin .*/PermitRootLogin yes/' "${SDCARD}"/etc/ssh/sshd_config566567# enable PubkeyAuthentication568sed -i 's/#\?PubkeyAuthentication .*/PubkeyAuthentication yes/' "${SDCARD}"/etc/ssh/sshd_config569570if [ -f "${SDCARD}"/etc/NetworkManager/NetworkManager.conf ]; then571# configure network manager572sed "s/managed=\(.*\)/managed=true/g" -i "${SDCARD}"/etc/NetworkManager/NetworkManager.conf573574# remove network manager defaults to handle eth by default575rm -f "${SDCARD}"/usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf576577# most likely we don't need to wait for nm to get online578chroot "${SDCARD}" /bin/bash -c "systemctl disable NetworkManager-wait-online.service" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1579580# Just regular DNS and maintain /etc/resolv.conf as a file581sed "/dns/d" -i "${SDCARD}"/etc/NetworkManager/NetworkManager.conf582sed "s/\[main\]/\[main\]\ndns=default\nrc-manager=file/g" -i "${SDCARD}"/etc/NetworkManager/NetworkManager.conf583if [[ -n $NM_IGNORE_DEVICES ]]; then584mkdir -p "${SDCARD}"/etc/NetworkManager/conf.d/585cat <<-EOF > "${SDCARD}"/etc/NetworkManager/conf.d/10-ignore-interfaces.conf586[keyfile]587unmanaged-devices=$NM_IGNORE_DEVICES588EOF589fi590591elif [ -d "${SDCARD}"/etc/systemd/network ]; then592# configure networkd593rm "${SDCARD}"/etc/resolv.conf594ln -s /run/systemd/resolve/resolv.conf "${SDCARD}"/etc/resolv.conf595596# enable services597chroot "${SDCARD}" /bin/bash -c "systemctl enable systemd-networkd.service systemd-resolved.service" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1598599if [ -e /etc/systemd/timesyncd.conf ]; then600chroot "${SDCARD}" /bin/bash -c "systemctl enable systemd-timesyncd.service" >> "${DEST}"/${LOG_SUBPATH}/install.log 2>&1601fi602umask 022603cat > "${SDCARD}"/etc/systemd/network/eth0.network <<- __EOF__604[Match]605Name=eth0606607[Network]608#MACAddress=609DHCP=ipv4610LinkLocalAddressing=ipv4611#Address=192.168.1.100/24612#Gateway=192.168.1.1613#DNS=192.168.1.1614#Domains=example.com615NTP=0.pool.ntp.org 1.pool.ntp.org616__EOF__617618fi619620# avahi daemon defaults if exists621[[ -f "${SDCARD}"/usr/share/doc/avahi-daemon/examples/sftp-ssh.service ]] && \622cp "${SDCARD}"/usr/share/doc/avahi-daemon/examples/sftp-ssh.service "${SDCARD}"/etc/avahi/services/623[[ -f "${SDCARD}"/usr/share/doc/avahi-daemon/examples/ssh.service ]] && \624cp "${SDCARD}"/usr/share/doc/avahi-daemon/examples/ssh.service "${SDCARD}"/etc/avahi/services/625626# nsswitch settings for sane DNS behavior: remove resolve, assure libnss-myhostname support627sed "s/hosts\:.*/hosts: files mymachines dns myhostname/g" -i "${SDCARD}"/etc/nsswitch.conf628629# build logo in any case630boot_logo631632# disable MOTD for first boot - we want as clean 1st run as possible633chmod -x "${SDCARD}"/etc/update-motd.d/*634635# execute $LINUXFAMILY-specific tweaks636[[ $(type -t family_tweaks) == function ]] && family_tweaks637}638639install_rclocal()640{641642if [[ $BURN_IMAGE == yes ]]; then643644cat <<-EOF > "${SDCARD}"/etc/rc.local645#!/bin/sh -e646#647# rc.local648#649# This script is executed at the end of each multiuser runlevel.650# Make sure that the script will "exit 0" on success or any other651# value on error.652#653# In order to enable or disable this script just change the execution654# bits.655#656# By default this script does nothing.657658burn_to_emmc659660exit 0661EOF662663else664665cat <<-EOF > "${SDCARD}"/etc/rc.local666#!/bin/sh -e667#668# rc.local669#670# This script is executed at the end of each multiuser runlevel.671# Make sure that the script will "exit 0" on success or any other672# value on error.673#674# In order to enable or disable this script just change the execution675# bits.676#677# By default this script does nothing.678679exit 0680EOF681682fi683chmod +x "${SDCARD}"/etc/rc.local684685}686687install_distribution_specific()688{689690display_alert "Applying distribution specific tweaks for" "$RELEASE" "info"691692case $RELEASE in693694xenial)695696# remove legal info from Ubuntu697[[ -f "${SDCARD}"/etc/legal ]] && rm "${SDCARD}"/etc/legal698699# ureadahead needs kernel tracing options that AFAIK are present only in mainline. disable700chroot "${SDCARD}" /bin/bash -c \701"systemctl --no-reload mask ondemand.service ureadahead.service >/dev/null 2>&1"702chroot "${SDCARD}" /bin/bash -c \703"systemctl --no-reload mask setserial.service etc-setserial.service >/dev/null 2>&1"704705;;706707stretch|buster|sid)708709# remove doubled uname from motd710[[ -f "${SDCARD}"/etc/update-motd.d/10-uname ]] && rm "${SDCARD}"/etc/update-motd.d/10-uname711# rc.local is not existing but one might need it712install_rclocal713714;;715716bullseye)717718# remove doubled uname from motd719[[ -f "${SDCARD}"/etc/update-motd.d/10-uname ]] && rm "${SDCARD}"/etc/update-motd.d/10-uname720# rc.local is not existing but one might need it721install_rclocal722# fix missing versioning723[[ $(grep -L "VERSION_ID=" "${SDCARD}"/etc/os-release) ]] && echo 'VERSION_ID="11"' >> "${SDCARD}"/etc/os-release724[[ $(grep -L "VERSION=" "${SDCARD}"/etc/os-release) ]] && echo 'VERSION="11 (bullseye)"' >> "${SDCARD}"/etc/os-release725726727;;728729bookworm)730731# remove doubled uname from motd732[[ -f "${SDCARD}"/etc/update-motd.d/10-uname ]] && rm "${SDCARD}"/etc/update-motd.d/10-uname733# rc.local is not existing but one might need it734install_rclocal735# fix missing versioning736[[ $(grep -L "VERSION_ID=" "${SDCARD}"/etc/os-release) ]] && echo 'VERSION_ID="12"' >> "${SDCARD}"/etc/os-release737[[ $(grep -L "VERSION=" "${SDCARD}"/etc/os-release) ]] && echo 'VERSION="11 (bookworm)"' >> "${SDCARD}"/etc/os-release738739# remove security updates repository since it does not exists yet740sed '/security/ d' -i "${SDCARD}"/etc/apt/sources.list741742;;743744bionic|focal|hirsute|impish|jammy|noble)745746# by using default lz4 initrd compression leads to corruption, go back to proven method747sed -i "s/^COMPRESS=.*/COMPRESS=gzip/" "${SDCARD}"/etc/initramfs-tools/initramfs.conf748echo -e "\n[Install]\nWantedBy=multi-user.target" >> "${SDCARD}"/lib/systemd/system/lightdm.service749750# cleanup motd services and related files751chroot "${SDCARD}" /bin/bash -c "systemctl disable motd-news.service >/dev/null 2>&1"752chroot "${SDCARD}" /bin/bash -c "systemctl disable motd-news.timer >/dev/null 2>&1"753754rm -f "${SDCARD}"/etc/update-motd.d/{10-uname,10-help-text,50-motd-news,80-esm,80-livepatch,90-updates-available,91-release-upgrade,95-hwe-eol}755756# remove motd news from motd.ubuntu.com757[[ -f "${SDCARD}"/etc/default/motd-news ]] && sed -i "s/^ENABLED=.*/ENABLED=0/" "${SDCARD}"/etc/default/motd-news758759# rc.local is not existing but one might need it760install_rclocal761762if [ -d "${SDCARD}"/etc/NetworkManager ]; then763local RENDERER=NetworkManager764else765local RENDERER=networkd766fi767768# Basic Netplan config. Let NetworkManager/networkd manage all devices on this system769[[ -d "${SDCARD}"/etc/netplan ]] && cat <<-EOF > "${SDCARD}"/etc/netplan/orangepi-default.yaml770network:771version: 2772renderer: $RENDERER773EOF774775# DNS fix776if [ -n "$NAMESERVER" ]; then777sed -i "s/#DNS=.*/DNS=$NAMESERVER/g" "${SDCARD}"/etc/systemd/resolved.conf778fi779780# Journal service adjustements781sed -i "s/#Storage=.*/Storage=volatile/g" "${SDCARD}"/etc/systemd/journald.conf782sed -i "s/#Compress=.*/Compress=yes/g" "${SDCARD}"/etc/systemd/journald.conf783sed -i "s/#RateLimitIntervalSec=.*/RateLimitIntervalSec=30s/g" "${SDCARD}"/etc/systemd/journald.conf784sed -i "s/#RateLimitBurst=.*/RateLimitBurst=10000/g" "${SDCARD}"/etc/systemd/journald.conf785786# Chrony temporal fix https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1878005787sed -i '/DAEMON_OPTS=/s/"-F -1"/"-F 0"/' "${SDCARD}"/etc/default/chrony788789# disable conflicting services790chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload mask ondemand.service >/dev/null 2>&1"791792;;793794esac795796# use list modules INITRAMFS797if [ -f "${EXTER}"/config/modules/"${MODULES_INITRD}" ]; then798display_alert "Use file list modules INITRAMFS" "${MODULES_INITRD}"799sed -i "s/^MODULES=.*/MODULES=list/" "${SDCARD}"/etc/initramfs-tools/initramfs.conf800cat "${EXTER}"/config/modules/"${MODULES_INITRD}" >> "${SDCARD}"/etc/initramfs-tools/modules801fi802}803804805806807post_debootstrap_tweaks()808{809810# remove service start blockers and QEMU binary811rm -f "${SDCARD}"/sbin/initctl "${SDCARD}"/sbin/start-stop-daemon812chroot "${SDCARD}" /bin/bash -c "dpkg-divert --quiet --local --rename --remove /sbin/initctl"813chroot "${SDCARD}" /bin/bash -c "dpkg-divert --quiet --local --rename --remove /sbin/start-stop-daemon"814rm -f "${SDCARD}"/usr/sbin/policy-rc.d "${SDCARD}/usr/bin/${QEMU_BINARY}"815816call_extension_method "post_post_debootstrap_tweaks" "config_post_debootstrap_tweaks" << 'POST_POST_DEBOOTSTRAP_TWEAKS'817*run after removing diversions and qemu with chroot unmounted*818Last chance to touch the `${SDCARD}` filesystem before it is copied to the final media.819It is too late to run any chrooted commands, since the supporting filesystems are already unmounted.820POST_POST_DEBOOTSTRAP_TWEAKS821822}823824on_chroot()825{826if [ "$SETFCAP" != "1" ]; then827export CAPSH_ARG="--drop=cap_setfcap"828fi829830capsh $CAPSH_ARG "--chroot=${ROOTFS_DIR}/" -- -e "$@"831}832export -f on_chroot833834# shellcheck disable=SC2119835run_sub_stage()836{837log "Begin ${SUB_STAGE_DIR}"838#pushd "${SUB_STAGE_DIR}" > /dev/null839cd ${SUB_STAGE_DIR}840841for i in {00..99}; do842if [ -f "${SUB_STAGE_DIR}/${i}-debconf" ]; then843display_alert "Begin ${SUB_STAGE_DIR}/${i}-debconf" "" "info"844on_chroot << EOF845debconf-set-selections <<SELEOF846$(cat "${i}-debconf")847SELEOF848EOF849display_alert "End ${SUB_STAGE_DIR}/${i}-debconf" "" "info"850fi851if [ -f "${SUB_STAGE_DIR}/${i}-packages-nr" ]; then852display_alert "Begin ${SUB_STAGE_DIR}/${i}-packages-nr" "" "info"853PACKAGES="$(sed -f "${EXTER}/packages/raspi/scripts/remove-comments.sed" < "${SUB_STAGE_DIR}/${i}-packages-nr")"854if [ -n "$PACKAGES" ]; then855on_chroot << EOF856apt-get -o Acquire::Retries=3 install --no-install-recommends -y $PACKAGES857EOF858fi859display_alert "End ${SUB_STAGE_DIR}/${i}-packages-nr" "" "info"860fi861if [ -f "${SUB_STAGE_DIR}/${i}-packages" ]; then862display_alert "Begin ${SUB_STAGE_DIR}/${i}-packages" "" "info"863PACKAGES="$(sed -f "${EXTER}/packages/raspi/scripts/remove-comments.sed" < "${SUB_STAGE_DIR}/${i}-packages")"864if [ -n "$PACKAGES" ]; then865on_chroot << EOF866apt-get -o Acquire::Retries=3 install -y $PACKAGES867EOF868fi869display_alert "End ${SUB_STAGE_DIR}/${i}-packages" "" "info"870fi871# if [ -d "${SUB_STAGE_DIR}/${i}-patches" ]; then872# log "Begin ${SUB_STAGE_DIR}/${i}-patches"873# pushd "${STAGE_WORK_DIR}" > /dev/null874# #cd ${STAGE_WORK_DIR}875#876# QUILT_PATCHES="${SUB_STAGE_DIR}/${i}-patches"877# SUB_STAGE_QUILT_PATCH_DIR="$(basename "$SUB_STAGE_DIR")-pc"878# mkdir -p "$STAGE_WORK_DIR/$SUB_STAGE_QUILT_PATCH_DIR"879# ln -snf "$STAGE_WORK_DIR/$SUB_STAGE_QUILT_PATCH_DIR" .pc880# ln -snfv "${ROOTFS_DIR}" ${STAGE_WORK_DIR}/rootfs881# quilt upgrade882# if [ -e "${SUB_STAGE_DIR}/${i}-patches/EDIT" ]; then883# echo "Dropping into bash to edit patches..."884# bash885# fi886# RC=0887# quilt push -a || RC=$?888# case "$RC" in889# 0|2)890# ;;891# *)892# false893# ;;894# esac895# #popd > /dev/null896# cd -897# log "End ${SUB_STAGE_DIR}/${i}-patches"898# fi899if [ -x ${i}-run.sh ]; then900display_alert "Begin ${SUB_STAGE_DIR}/${i}-run.sh" "" "info"901./${i}-run.sh902display_alert "End ${SUB_STAGE_DIR}/${i}-run.sh" "" "info"903fi904if [ -f ${i}-run-chroot.sh ]; then905display_alert "Begin ${SUB_STAGE_DIR}/${i}-run-chroot.sh" "" "info"906on_chroot < ${i}-run-chroot.sh907display_alert "End ${SUB_STAGE_DIR}/${i}-run-chroot.sh" "" "info"908fi909done910#popd > /dev/null911log "End ${SUB_STAGE_DIR}"912}913914run_stage(){915rm -rf "${SRC}"/output/raspi916[[ ! -d "${SRC}"/output/raspi ]] && mkdir -p "${SRC}"/output/raspi917918STAGE_WORK_DIR="${SRC}/output/raspi"919920if [ ! -f ${STAGE_DIR}/SKIP ]; then921if [ -x ${STAGE_DIR}/prerun.sh ]; then922display_alert "Begin ${STAGE_DIR}/prerun.sh" "" "info"923source ${STAGE_DIR}/prerun.sh924display_alert "End ${STAGE_DIR}/prerun.sh" "" "info"925fi926927for SUB_STAGE_DIR in "${STAGE_DIR}"/*; do928if [ -d "${SUB_STAGE_DIR}" ] && [ ! -f "${SUB_STAGE_DIR}/SKIP" ]; then929run_sub_stage930fi931done932fi933}934935log ()936{937date +"[%T] $*"938}939940install_opi_specific()941{942cd $SRC943944# install u-boot945UBOOT_VER=$(dpkg --info "${DEB_STORAGE}/u-boot/${CHOSEN_UBOOT}_${REVISION}_${ARCH}.deb" | grep Descr | awk '{print $(NF)}')946install_deb_chroot "${DEB_STORAGE}/u-boot/${CHOSEN_UBOOT}_${REVISION}_${ARCH}.deb"947948# install kernel949VER=$(dpkg --info "${DEB_STORAGE}/${CHOSEN_KERNEL}_${REVISION}_${ARCH}.deb" | awk -F"-" '/Source:/{print $2}')950install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KERNEL}_${REVISION}_${ARCH}.deb"951if [[ -f ${DEB_STORAGE}/${CHOSEN_KERNEL/image/dtb}_${REVISION}_${ARCH}.deb ]]; then952install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KERNEL/image/dtb}_${REVISION}_${ARCH}.deb"953fi954if [[ $INSTALL_HEADERS == yes ]]; then955install_deb_chroot "${DEB_STORAGE}/${CHOSEN_KERNEL/image/headers}_${REVISION}_${ARCH}.deb"956else957cp "${DEB_STORAGE}/${CHOSEN_KERNEL/image/headers}_${REVISION}_${ARCH}.deb" "${SDCARD}"/opt/958fi959960dpkg_install_deb_chroot "$EXTER/packages/raspi/orangepi/debs/raspi-config_20230214_all.deb"961962case ${BOARDFAMILY} in963"rockchip-rk356x")964rk35xx_gpu_vpu_tweaks965esac966967[[ ! -d "${SDCARD}/lib/firmware" ]] && mkdir -p "${SDCARD}/lib/firmware"968cp -rfa ${EXTER}/cache/sources/orangepi-firmware-git/* ${SDCARD}/lib/firmware/969970# NOTE: this needs to be executed before family_tweaks971local bootscript_src=${BOOTSCRIPT%%:*}972local bootscript_dst=${BOOTSCRIPT##*:}973974if [[ "${BOOTCONFIG}" != "none" ]]; then975if [ -f "${USERPATCHES_PATH}/bootscripts/${bootscript_src}" ]; then976cp "${USERPATCHES_PATH}/bootscripts/${bootscript_src}" "${SDCARD}/boot/${bootscript_dst}"977else978cp "${EXTER}/config/bootscripts/${bootscript_src}" "${SDCARD}/boot/${bootscript_dst}"979fi980fi981982if [[ -n $BOOTENV_FILE ]]; then983if [[ -f $USERPATCHES_PATH/bootenv/$BOOTENV_FILE ]]; then984cp "$USERPATCHES_PATH/bootenv/${BOOTENV_FILE}" "${SDCARD}"/boot/orangepiEnv.txt985elif [[ -f $EXTER/config/bootenv/$BOOTENV_FILE ]]; then986cp "${EXTER}/config/bootenv/${BOOTENV_FILE}" "${SDCARD}"/boot/orangepiEnv.txt987fi988fi989990[[ -n $OVERLAY_PREFIX && -f "${SDCARD}"/boot/orangepiEnv.txt && ($BRANCH =~ current|next || $BOARDFAMILY =~ "rockchip-rk3588"|"rockchip-rk356x") ]] && \991echo "overlay_prefix=$OVERLAY_PREFIX" >> "${SDCARD}"/boot/orangepiEnv.txt992993[[ -n $DEFAULT_OVERLAYS && -f "${SDCARD}"/boot/orangepiEnv.txt && ($BRANCH =~ current|next || $BOARDFAMILY =~ "rockchip-rk3588"|"rockchip-rk356x") ]] && \994echo "overlays=${DEFAULT_OVERLAYS//,/ }" >> "${SDCARD}"/boot/orangepiEnv.txt995996[[ -n $BOOT_FDT_FILE && -f "${SDCARD}"/boot/orangepiEnv.txt ]] && \997echo "fdtfile=${BOOT_FDT_FILE}" >> "${SDCARD}/boot/orangepiEnv.txt"998999# install initial asound.state if defined1000mkdir -p "${SDCARD}"/var/lib/alsa/1001[[ -n $ASOUND_STATE ]] && cp "${EXTER}/packages/blobs/asound.state/${ASOUND_STATE}" "${SDCARD}"/var/lib/alsa/asound.state10021003# create modules file1004local modules=MODULES_${BRANCH^^}1005if [[ -n "${!modules}" ]]; then1006tr ' ' '\n' <<< "${!modules}" > "${SDCARD}"/etc/modules1007elif [[ -n "${MODULES}" ]]; then1008tr ' ' '\n' <<< "${MODULES}" > "${SDCARD}"/etc/modules1009fi10101011# create blacklist files1012local blacklist=MODULES_BLACKLIST_${BRANCH^^}1013if [[ -n "${!blacklist}" ]]; then1014tr ' ' '\n' <<< "${!blacklist}" | sed -e 's/^/blacklist /' > "${SDCARD}/etc/modprobe.d/blacklist-${BOARD}.conf"1015elif [[ -n "${MODULES_BLACKLIST}" ]]; then1016tr ' ' '\n' <<< "${MODULES_BLACKLIST}" | sed -e 's/^/blacklist /' > "${SDCARD}/etc/modprobe.d/blacklist-${BOARD}.conf"1017fi10181019cat <<-EOF > "${SDCARD}"/etc/orangepi-release1020# PLEASE DO NOT EDIT THIS FILE1021BOARD=${BOARD}1022BOARD_NAME="$BOARD_NAME"1023BOARDFAMILY=${BOARDFAMILY}1024BUILD_REPOSITORY_URL=${BUILD_REPOSITORY_URL}1025BUILD_REPOSITORY_COMMIT=${BUILD_REPOSITORY_COMMIT}1026DISTRIBUTION_CODENAME=${RELEASE}1027DISTRIBUTION_STATUS=${DISTRIBUTION_STATUS}1028VERSION=${REVISION}1029LINUXFAMILY=${LINUXFAMILY}1030ARCH=${ARCHITECTURE}1031IMAGE_TYPE=$IMAGE_TYPE1032BOARD_TYPE=$BOARD_TYPE1033INITRD_ARCH=${INITRD_ARCH}1034KERNEL_IMAGE_TYPE=${KERNEL_IMAGE_TYPE}1035BRANCH=${BRANCH}1036EOF10371038install -d "${SDCARD}/etc/initramfs/post-update.d/"1039install -m 755 "${EXTER}/packages/bsp/common/etc/initramfs/post-update.d/99-uboot" "${SDCARD}/etc/initramfs/post-update.d/"10401041install -m 755 "${EXTER}/packages/raspi/orangepi/common/files/hciattach_opi" "${SDCARD}/usr/bin/"1042install -m 755 "${EXTER}/packages/raspi/orangepi/common/files/brcm_patchram_plus" "${SDCARD}/usr/bin/"10431044install -d "${SDCARD}/usr/lib/orangepi/"1045install -m 755 "${EXTER}/packages/raspi/orangepi/common/files/orangepi-hardware-optimization" "${SDCARD}/usr/lib/orangepi/"1046install -m 755 "${EXTER}/packages/raspi/orangepi/common/files/orangepi-hardware-optimize.service" "${SDCARD}/usr/lib/systemd/system/"1047chroot "${SDCARD}" /bin/bash -c "systemctl --no-reload enable orangepi-hardware-optimize.service >/dev/null 2>&1"10481049install_wiringop10501051rm $SDCARD/root/*.deb >/dev/null 2>&11052}10531054install_raspi_specific()1055{1056export TARGET_HOSTNAME=${TARGET_HOSTNAME:-raspberrypi}1057export FIRST_USER_NAME=${FIRST_USER_NAME:-pi}1058export FIRST_USER_PASS1059export DISABLE_FIRST_BOOT_USER_RENAME=${DISABLE_FIRST_BOOT_USER_RENAME:-0}1060export WPA_ESSID1061export WPA_PASSWORD1062export WPA_COUNTRY1063export ENABLE_SSH="${ENABLE_SSH:-0}"1064export PUBKEY_ONLY_SSH="${PUBKEY_ONLY_SSH:-0}"10651066export LOCALE_DEFAULT="${LOCALE_DEFAULT:-en_GB.UTF-8}"10671068export KEYBOARD_KEYMAP="${KEYBOARD_KEYMAP:-gb}"1069export KEYBOARD_LAYOUT="${KEYBOARD_LAYOUT:-English (UK)}"10701071export TIMEZONE_DEFAULT="${TIMEZONE_DEFAULT:-Europe/London}"10721073export PUBKEY_SSH_FIRST_USER10741075export APT_PROXY10761077export STAGE1078export STAGE_DIR1079export STAGE_WORK_DIR1080export PREV_STAGE1081export PREV_STAGE_DIR1082export ROOTFS_DIR=${SDCARD}1083export PREV_ROOTFS_DIR1084export IMG_SUFFIX1085export NOOBS_NAME1086export NOOBS_DESCRIPTION1087export EXPORT_DIR1088export EXPORT_ROOTFS_DIR10891090export QUILT_PATCHES1091export QUILT_NO_DIFF_INDEX=11092export QUILT_NO_DIFF_TIMESTAMPS=11093export QUILT_REFRESH_ARGS="-p ab"10941095#check username is valid1096if [[ ! "$FIRST_USER_NAME" =~ ^[a-z][-a-z0-9_]*$ ]]; then1097echo "Invalid FIRST_USER_NAME: $FIRST_USER_NAME"1098exit 11099fi11001101if [[ "$DISABLE_FIRST_BOOT_USER_RENAME" == "1" ]] && [ -z "${FIRST_USER_PASS}" ]; then1102echo "To disable user rename on first boot, FIRST_USER_PASS needs to be set"1103echo "Not setting FIRST_USER_PASS makes your system vulnerable and open to cyberattacks"1104exit 11105fi11061107if [[ "$DISABLE_FIRST_BOOT_USER_RENAME" == "1" ]]; then1108echo "User rename on the first boot is disabled"1109echo "Be advised of the security risks linked to shipping a device with default username/password set."1110fi11111112if [[ -n "${APT_PROXY}" ]] && ! curl --silent "${APT_PROXY}" >/dev/null ; then1113echo "Could not reach APT_PROXY server: ${APT_PROXY}"1114exit 11115fi11161117if [[ -n "${WPA_PASSWORD}" && ${#WPA_PASSWORD} -lt 8 || ${#WPA_PASSWORD} -gt 63 ]] ; then1118echo "WPA_PASSWORD" must be between 8 and 63 characters1119exit 11120fi11211122if [[ "${PUBKEY_ONLY_SSH}" = "1" && -z "${PUBKEY_SSH_FIRST_USER}" ]]; then1123echo "Must set 'PUBKEY_SSH_FIRST_USER' to a valid SSH public key if using PUBKEY_ONLY_SSH"1124exit 11125fi11261127RASPI_DIR="${EXTER}/packages/raspi"11281129if [[ ${BUILD_DESKTOP} == "yes" ]]; then1130rm -r ${RASPI_DIR}/stage3/SKIP ${RASPI_DIR}/stage4/SKIP ${RASPI_DIR}/stage5/SKIP 2>/dev/null1131touch ${RASPI_DIR}/stage5/SKIP1132else1133rm -r ${RASPI_DIR}/stage1/SKIP ${RASPI_DIR}/stage2/SKIP 2>/dev/null1134touch ${RASPI_DIR}/stage3/SKIP ${RASPI_DIR}/stage4/SKIP ${RASPI_DIR}/stage5/SKIP1135export FIRST_USER_PASS="pi"1136fi11371138STAGE_LIST=${RASPI_DIR}/stage*11391140for STAGE_DIR in $STAGE_LIST; do1141STAGE_DIR=$(realpath "${STAGE_DIR}")1142run_stage1143done11441145STAGE_DIR=${RASPI_DIR}/export-image1146run_stage11471148rm -rf ${SDCARD}/boot/*1149rm -rf ${SDCARD}/lib/firmware1150rm -rf ${SDCARD}/lib/modules/*1151}115211531154