diff --git a/.gitignore b/.gitignore index a6883c2049..b214c4788a 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,4 @@ SKIP SKIP_IMAGES .pc *-pc -apt-cacher-ng/ +.vscode/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000000..32f2688b52 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,4 @@ +include: + - project: serge/pi-gen + ref: ci + file: 'pi-gen.yml' diff --git a/Dockerfile b/Dockerfile index 2e53149b52..f17077cd2a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,13 +1,14 @@ -FROM debian:buster +ARG BASE_IMAGE=debian:bullseye +FROM ${BASE_IMAGE} -ENV DEBIAN_FRONTEND noninteractive +ENV DEBIAN_FRONTEND=noninteractive RUN apt-get -y update && \ apt-get -y install --no-install-recommends \ git vim parted \ - quilt coreutils qemu-user-static debootstrap zerofree zip dosfstools \ - bsdtar libcap2-bin rsync grep udev xz-utils curl xxd file kmod bc\ - binfmt-support ca-certificates \ + quilt coreutils qemu-user-static debootstrap zerofree zip dosfstools e2fsprogs\ + libarchive-tools libcap2-bin rsync grep udev xz-utils curl xxd file kmod bc \ + binfmt-support ca-certificates fdisk gpg pigz arch-test \ && rm -rf /var/lib/apt/lists/* COPY . /pi-gen/ diff --git a/README.md b/README.md index 29d81667d4..9c4e5500a9 100644 --- a/README.md +++ b/README.md @@ -1,25 +1,51 @@ # pi-gen -_Tool used to create the raspberrypi.org Raspbian images_ +Tool used to create Raspberry Pi OS images, and custom images based on Raspberry Pi OS, +which was in turn derived from the Raspbian project. +**Note**: Raspberry Pi OS 32 bit images are based primarily on Raspbian, while +Raspberry Pi OS 64 bit images are based primarily on Debian. + +**Note**: 32 bit images should be built from the `master` branch. +64 bit images should be built from the `arm64` branch. ## Dependencies -pi-gen runs on Debian based operating systems. Currently it is only supported on -either Debian Buster or Ubuntu Xenial and is known to have issues building on -earlier releases of these systems. On other Linux distributions it may be possible -to use the Docker build described below. +pi-gen runs on Debian-based operating systems released after 2017, and we +always advise you use the latest OS for security reasons. + +On other Linux distributions it may be possible to use the Docker build described +below. -To install the required dependencies for pi-gen you should run: +To install the required dependencies for `pi-gen` you should run: ```bash -apt-get install coreutils quilt parted qemu-user-static debootstrap zerofree zip \ -dosfstools bsdtar libcap2-bin grep rsync xz-utils file git curl bc +apt install coreutils quilt parted qemu-user-binfmt debootstrap zerofree zip \ +dosfstools e2fsprogs libarchive-tools libcap2-bin grep rsync xz-utils file git curl bc \ +gpg pigz xxd arch-test bmap-tools kmod ``` The file `depends` contains a list of tools needed. The format of this package is `[:]`. +## Getting started with building your images + +Getting started is as simple as cloning this repository on your build machine. You +can do so with: + +```bash +git clone https://github.com/RPI-Distro/pi-gen.git +``` + +`--depth 1` can be added after `git clone` to create a shallow clone, only containing +the latest revision of the repository. Do not do this on your development machine. + +Also, be careful to clone the repository to a base path **NOT** containing spaces. +This configuration is not supported by debootstrap and will lead to `pi-gen` not +running. + +After cloning the repository, you can move to the next step and start configuring +your build. ## Config @@ -29,17 +55,24 @@ environment variables. The following environment variables are supported: - * `IMG_NAME` **required** (Default: unset) + * `IMG_NAME` (Default: `raspios-$RELEASE-$ARCH`, for example: `raspios-trixie-armhf`) + + The name of the image to build with the current stage directories. Use this + variable to set the root name of your OS, eg `IMG_NAME=Frobulator`. + Export files in stages may add suffixes to `IMG_NAME`. + + * `PI_GEN_RELEASE` (Default: `Raspberry Pi reference`) - The name of the image to build with the current stage directories. Setting - `IMG_NAME=Raspbian` is logical for an unmodified RPi-Distro/pi-gen build, - but you should use something else for a customized version. Export files - in stages may add suffixes to `IMG_NAME`. + The release name to use in `/etc/issue.txt`. The default should only be used + for official Raspberry Pi builds. - * `RELEASE` (Default: buster) +* `RELEASE` (Default: `trixie`) - The release version to build images against. Valid values are jessie, stretch - buster, bullseye, and testing. + The release version to build images against. Valid values are any supported + Debian release. However, since different releases will have different sets of + packages available, you'll need to either modify your stages accordingly, or + checkout the appropriate branch. For example, if you'd like to build a + `bullseye` image, you should do so from the `bullseye` branch. * `APT_PROXY` (Default: unset) @@ -47,11 +80,12 @@ The following environment variables are supported: will not be included in the image, making it safe to use an `apt-cacher` or similar package for development. - If you have Docker installed, you can set up a local apt caching proxy to - like speed up subsequent builds like this: + * `TEMP_REPO` (Default: unset) - docker-compose up -d - echo 'APT_PROXY=http://172.17.0.1:3142' >> config + An additional temporary apt repo to be used during the build process. This + could be useful if you require pre-release software to be included in the + image. The variable should contain sources in [one-line-style format](https://manpages.debian.org/stable/apt/sources.list.5.en.html#ONE-LINE-STYLE_FORMAT). + "RELEASE" will be replaced with the RELEASE variable. * `BASE_DIR` (Default: location of `build.sh`) @@ -60,7 +94,7 @@ The following environment variables are supported: Top-level directory for `pi-gen`. Contains stage directories, build scripts, and by default both work and deployment directories. - * `WORK_DIR` (Default: `"$BASE_DIR/work"`) + * `WORK_DIR` (Default: `$BASE_DIR/work`) Directory in which `pi-gen` builds the target system. This value can be changed if you have a suitably large, fast storage location for stages to @@ -68,30 +102,49 @@ The following environment variables are supported: system for each build stage, amounting to tens of gigabytes in the case of Raspbian. - **CAUTION**: If your working directory is on an NTFS partition you probably won't be able to build. Make sure this is a proper Linux filesystem. + **CAUTION**: If your working directory is on an NTFS partition you probably won't be able to build: make sure this is a proper Linux filesystem. - * `DEPLOY_DIR` (Default: `"$BASE_DIR/deploy"`) + * `DEPLOY_DIR` (Default: `$BASE_DIR/deploy`) Output directory for target system images and NOOBS bundles. - * `DEPLOY_ZIP` (Default: `1`) + * `DEPLOY_COMPRESSION` (Default: `zip`) - Setting to `0` will deploy the actual image (`.img`) instead of a zipped image (`.zip`). + Set to: + * `none` to deploy the actual image (`.img`). + * `zip` to deploy a zipped image (`.zip`). + * `gz` to deploy a gzipped image (`.img.gz`). + * `xz` to deploy a xzipped image (`.img.xz`). - * `USE_QEMU` (Default: `"0"`) + + * `DEPLOY_ZIP` (Deprecated) + + This option has been deprecated in favor of `DEPLOY_COMPRESSION`. + + If `DEPLOY_ZIP=0` is still present in your config file, the behavior is the + same as with `DEPLOY_COMPRESSION=none`. + + * `COMPRESSION_LEVEL` (Default: `6`) + + Compression level to be used when using `zip`, `gz` or `xz` for + `DEPLOY_COMPRESSION`. From 0 to 9 (refer to the tool man page for more + information on this. Usually 0 is no compression but very fast, up to 9 with + the best compression but very slow ). + + * `USE_QEMU` (Default: `0`) Setting to '1' enables the QEMU mode - creating an image that can be mounted via QEMU for an emulated environment. These images include "-qemu" in the image file name. - * `LOCALE_DEFAULT` (Default: "en_GB.UTF-8" ) + * `LOCALE_DEFAULT` (Default: 'en_GB.UTF-8' ) Default system locale. - * `TARGET_HOSTNAME` (Default: "raspberrypi" ) + * `TARGET_HOSTNAME` (Default: 'raspberrypi' ) Setting the hostname to the specified value. - * `KEYBOARD_KEYMAP` (Default: "gb" ) + * `KEYBOARD_KEYMAP` (Default: 'gb' ) Default keyboard keymap. @@ -99,7 +152,7 @@ The following environment variables are supported: keyboard-configuration` and look at the `keyboard-configuration/xkb-keymap` value. - * `KEYBOARD_LAYOUT` (Default: "English (UK)" ) + * `KEYBOARD_LAYOUT` (Default: 'English (UK)' ) Default keyboard layout. @@ -107,37 +160,83 @@ The following environment variables are supported: keyboard-configuration` and look at the `keyboard-configuration/variant` value. - * `TIMEZONE_DEFAULT` (Default: "Europe/London" ) + * `TIMEZONE_DEFAULT` (Default: 'Europe/London' ) - Default keyboard layout. + Default time zone. To get the current value from a running system, look in `/etc/timezone`. - * `FIRST_USER_NAME` (Default: "pi" ) + * `FIRST_USER_NAME` (Default: `pi`) + + Username for the first user. This user only exists during the image creation process. Unless + `DISABLE_FIRST_BOOT_USER_RENAME` is set to `1`, this user will be renamed on the first boot with + a name chosen by the final user. This security feature is designed to prevent shipping images + with a default username and help prevent malicious actors from taking over your devices. + + If the FIRST_USER_NAME is set to `pi` and no `FIRST_USER_PASS` is set, the setup wizard will be launched on first boot to allow the user to set the password. + + * `FIRST_USER_PASS` (Default: unset) - Username for the first user + Password for the first user. If unset, the account is locked. - * `FIRST_USER_PASS` (Default: "raspberry") + * `DISABLE_FIRST_BOOT_USER_RENAME` (Default: `0`) - Password for the first user + Disable the renaming of the first user during the first boot. This make it so `FIRST_USER_NAME` + stays activated. `FIRST_USER_PASS` must be set for this to work. Please be aware of the implied + security risk of defining a default username and password for your devices. - * `WPA_ESSID`, `WPA_PASSWORD` and `WPA_COUNTRY` (Default: unset) + * `PASSWORDLESS_SUDO` (Default: `0`) - If these are set, they are use to configure `wpa_supplicant.conf`, so that the Raspberry Pi can automatically connect to a wifi network on first boot. If `WPA_ESSID` is set and `WPA_PASSWORD` is unset an unprotected wifi network will be configured. If set, `WPA_PASSWORD` must be between 8 and 63 characters. + Setting to `1` will enable passwordless sudo for the first user. This allows + the user to run commands with sudo without entering a password. Note that + this is a security risk and should only be enabled if you understand the + implications. The user will still be able to use sudo with a password even + when this is set to `0`. + + * `WPA_COUNTRY` (Default: unset) + + Sets the default WLAN regulatory domain and unblocks WLAN interfaces. This should be a 2-letter ISO/IEC 3166 country Code, i.e. `GB` * `ENABLE_SSH` (Default: `0`) Setting to `1` will enable ssh server for remote log in. Note that if you are using a common password such as the defaults there is a high risk of attackers taking over you Raspberry Pi. + * `PUBKEY_SSH_FIRST_USER` (Default: unset) + + Setting this to a value will make that value the contents of the FIRST_USER_NAME's ~/.ssh/authorized_keys. Obviously the value should + therefore be a valid authorized_keys file. Note that this does not + automatically enable SSH. + + * `PUBKEY_ONLY_SSH` (Default: `0`) + + * Setting to `1` will disable password authentication for SSH and enable + public key authentication. Note that if SSH is not enabled this will take + effect when SSH becomes enabled. + + * `SETFCAP` (Default: unset) + + * Setting to `1` will prevent pi-gen from dropping the "capabilities" + feature. Generating the root filesystem with capabilities enabled and running + it from a filesystem that does not support capabilities (like NFS) can cause + issues. Only enable this if you understand what it is. + * `STAGE_LIST` (Default: `stage*`) If set, then instead of working through the numeric stages in order, this list will be followed. For example setting to `"stage0 stage1 mystage stage2"` will run the contents of `mystage` before stage2. Note that quotes are needed around the list. An absolute or relative path can be given for stages outside the pi-gen directory. -A simple example for building Raspbian: + * `EXPORT_CONFIG_DIR` (Default: `$BASE_DIR/export-image`) + + If set, use this directory path as the location of scripts to run when generating images. An absolute or relative path can be given for a location outside the pi-gen directory. + + * `ENABLE_CLOUD_INIT` (Default: `1`) + + If set to `1`, cloud-init and netplan will be installed and configured. This will allow you to configure your Raspberry Pi using cloud-init configuration files. The cloud-init configuration files should be placed in the bootfs or by editing the files in `stage2/04-cloud-init/files`. Cloud-init will be configured to read them on first boot. + +A simple example for building Raspberry Pi OS: ```bash -IMG_NAME='Raspbian' +IMG_NAME='raspios' ``` The config file can also be specified on the command line as an argument the `build.sh` or `build-docker.sh` scripts. @@ -152,17 +251,17 @@ This is parsed after `config` so can be used to override values set there. The following process is followed to build images: - * Loop through all of the stage directories in alphanumeric order + * Iterate through all of the stage directories in alphanumeric order - * Move on to the next directory if this stage directory contains a file called + * Bypass a stage directory if it contains a file called "SKIP" - * Run the script ```prerun.sh``` which is generally just used to copy the build + * Run the script `prerun.sh` which is generally just used to copy the build directory between stages. - * In each stage directory loop through each subdirectory and then run each of the - install scripts it contains, again in alphanumeric order. These need to be named - with a two digit padded number at the beginning. + * In each stage directory iterate through each subdirectory and then run each of the + install scripts it contains, again in alphanumeric order. **These need to be named + with a two digit padded number at the beginning.** There are a number of different files and directories which can be used to control different parts of the build process: @@ -178,7 +277,7 @@ The following process is followed to build images: separated, per line. - **00-packages-nr** - As 00-packages, except these will be installed using - the ```--no-install-recommends -y``` parameters to apt-get. + the `--no-install-recommends -y` parameters to apt-get. - **00-patches** - A directory containing patch files to be applied, using quilt. If a file named 'EDIT' is present in the directory, the build process will @@ -197,7 +296,7 @@ It is recommended to examine build.sh for finer details. Docker can be used to perform the build inside a container. This partially isolates the build from the host system, and allows using the script on non-debian based -systems (e.g. Fedora Linux). The isolate is not complete due to the need to use +systems (e.g. Fedora Linux). The isolation is not complete due to the need to use some kernel level services for arm emulation (binfmt) and loop devices (losetup). To build: @@ -210,7 +309,7 @@ vi config # Edit your config file. See above. If everything goes well, your finished image will be in the `deploy/` folder. You can then remove the build container with `docker rm -v pigen_work` -If something breaks along the line, you can edit the corresponding scripts, and +If you encounter errors during the build, you can edit the corresponding scripts, and continue: ```bash @@ -236,6 +335,10 @@ fix is to ensure `binfmt-support` is installed on the host machine before starting the `./build-docker.sh` script (or using your own docker build solution). +### Passing arguments to Docker + +When the docker image is run various required command line arguments are provided. For example the system mounts the `/dev` directory to the `/dev` directory within the docker container. If other arguments are required they may be specified in the PIGEN_DOCKER_OPTS environment variable. For example setting `PIGEN_DOCKER_OPTS="--add-host foo:192.168.0.23"` will add '192.168.0.23 foo' to the `/etc/hosts` file in the container. The `--name` +and `--privileged` options are already set by the script and should not be redefined. ## Stage Anatomy @@ -250,45 +353,38 @@ maintenance and allows for more easy customization. `debootstrap`, which creates a minimal filesystem suitable for use as a base.tgz on Debian systems. This stage also configures apt settings and installs `raspberrypi-bootloader` which is missed by debootstrap. The - minimal core is installed but not configured, and the system will not quite - boot yet. + minimal core is installed but not configured. As a result, this stage will not boot. - **Stage 1** - truly minimal system. This stage makes the system bootable by installing system files like `/etc/fstab`, configures the bootloader, makes the network operable, and installs packages like raspi-config. At this stage the system should boot to a local console from which you have the means to perform basic tasks needed to configure and install the system. - This is as minimal as a system can possibly get, and its arguably not - really usable yet in a traditional sense yet. Still, if you want minimal, - this is minimal and the rest you could reasonably do yourself as sysadmin. - - **Stage 2** - lite system. This stage produces the Raspbian-Lite image. It - installs some optimized memory functions, sets timezone and charmap - defaults, installs fake-hwclock and ntp, wifi and bluetooth support, + - **Stage 2** - lite system. This stage produces the Raspberry Pi OS Lite image. + Stage 2 installs some optimized memory functions, sets timezone and charmap + defaults, installs fake-hwclock and ntp, wireless LAN and bluetooth support, dphys-swapfile, and other basics for managing the hardware. It also creates necessary groups and gives the pi user access to sudo and the standard console hardware permission groups. - There are a few tools that may not make a whole lot of sense here for - development purposes on a minimal system such as basic Python and Lua - packages as well as the `build-essential` package. They are lumped right - in with more essential packages presently, though they need not be with - pi-gen. These are understandable for Raspbian's target audience, but if - you were looking for something between truly minimal and Raspbian-Lite, - here's where you start trimming. + Note: Raspberry Pi OS Lite contains a number of tools for development, + including `Python`, `Lua` and the `build-essential` package. If you are + creating an image to deploy in products, be sure to remove extraneous development + tools before deployment. - **Stage 3** - desktop system. Here's where you get the full desktop system - with X11 and LXDE, web browsers, git for development, Raspbian custom UI + with X11 and LXDE, web browsers, git for development, Raspberry Pi OS custom UI enhancements, etc. This is a base desktop system, with some development tools installed. - - **Stage 4** - Normal Raspbian image. System meant to fit on a 4GB card. This is the - stage that installs most things that make Raspbian friendly to new - users like system documentation. + - **Stage 4** - Normal Raspberry Pi OS image. System meant to fit on a 4GB card. + This is the stage that installs most things that make Raspberry Pi OS friendly + to new users - e.g. system documentation. - - **Stage 5** - The Raspbian Full image. More development + - **Stage 5** - The Raspberry Pi OS Full image. More development tools, an email client, learning tools like Scratch, specialized packages - like sonic-pi, office productivity, etc. + like sonic-pi, office productivity, etc. ### Stage specification @@ -301,7 +397,7 @@ to `./stage2` (if building a minimal system). ```bash # Example for building a lite system -echo "IMG_NAME='Raspbian'" > config +echo "IMG_NAME='raspios'" > config touch ./stage3/SKIP ./stage4/SKIP ./stage5/SKIP touch ./stage4/SKIP_IMAGES ./stage5/SKIP_IMAGES sudo ./build.sh # or ./build-docker.sh @@ -324,27 +420,45 @@ follows: * Run build.sh to build all stages * Add SKIP files to the earlier successfully built stages * Modify the last stage - * Rebuild just the last stage using ```sudo CLEAN=1 ./build.sh``` + * Rebuild just the last stage using `sudo CLEAN=1 ./build.sh` (or, for docker builds + `PRESERVE_CONTAINER=1 CONTINUE=1 CLEAN=1 ./build-docker.sh`) * Once you're happy with the image you can remove the SKIP_IMAGES files and export your image to test # Troubleshooting ## `64 Bit Systems` -Please note there is currently an issue when compiling with a 64 Bit OS. See https://github.com/RPi-Distro/pi-gen/issues/271 +A 64 bit image can be generated from the `arm64` branch in this repository. Just +replace the command from [this section](#getting-started-with-building-your-images) +by the one below, and follow the rest of the documentation: +```bash +git clone --branch arm64 https://github.com/RPI-Distro/pi-gen.git +``` + +If you want to generate a 64 bits image from a Raspberry Pi running a 32 bits +version, you need to add `arm_64bit=1` to your `config.txt` file and reboot your +machine. This will restart your machine with a 64 bits kernel. This will only +work from a Raspberry Pi with a 64-bit capable processor (i.e. Raspberry Pi Zero +2, Raspberry Pi 3 or Raspberry Pi 4). + ## `binfmt_misc` -Linux is able execute binaries from other architectures, meaning that it should be +Linux is able to execute binaries from other architectures, meaning that it should be possible to make use of `pi-gen` on an x86_64 system, even though it will be running ARM binaries. This requires support from the [`binfmt_misc`](https://en.wikipedia.org/wiki/Binfmt_misc) kernel module. -You may see the following error: +You may see one of the following errors: ``` update-binfmts: warning: Couldn't load the binfmt_misc module. ``` +``` +W: Failure trying to run: chroot "/pi-gen/work/test/stage0/rootfs" /bin/true +and/or +chroot: failed to run command '/bin/true': Exec format error +``` To resolve this, ensure that the following files are available (install them if necessary): @@ -354,3 +468,5 @@ To resolve this, ensure that the following files are available (install them if ``` You may also need to load the module by hand - run `modprobe binfmt_misc`. + +If you are using WSL to build you may have to enable the service `sudo update-binfmts --enable` diff --git a/build-docker.sh b/build-docker.sh index b6a9ea3d81..14715d2528 100755 --- a/build-docker.sh +++ b/build-docker.sh @@ -1,12 +1,20 @@ -#!/bin/bash -eu -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +#!/usr/bin/env bash +# Note: Avoid usage of arrays as MacOS users have an older version of bash (v3.x) which does not supports arrays +set -eu + +DIR="$(CDPATH='' cd -- "$(dirname -- "$0")" && pwd)" BUILD_OPTS="$*" -DOCKER="docker" +# Allow user to override docker command +DOCKER=${DOCKER:-docker} -if ! ${DOCKER} ps >/dev/null 2>&1; then - DOCKER="sudo docker" +# Ensure that default docker command is not set up in rootless mode +if \ + ! ${DOCKER} ps >/dev/null 2>&1 || \ + ${DOCKER} info 2>/dev/null | grep -q rootless \ +; then + DOCKER="sudo ${DOCKER}" fi if ! ${DOCKER} ps >/dev/null; then echo "error connecting to docker:" @@ -47,6 +55,7 @@ fi CONTAINER_NAME=${CONTAINER_NAME:-pigen_work} CONTINUE=${CONTINUE:-0} PRESERVE_CONTAINER=${PRESERVE_CONTAINER:-0} +PIGEN_DOCKER_OPTS=${PIGEN_DOCKER_OPTS:-""} if [ -z "${IMG_NAME}" ]; then echo "IMG_NAME not set in 'config'" 1>&2 @@ -73,31 +82,89 @@ fi # Modify original build-options to allow config file to be mounted in the docker container BUILD_OPTS="$(echo "${BUILD_OPTS:-}" | sed -E 's@\-c\s?([^ ]+)@-c /config@')" -${DOCKER} build -t pi-gen "${DIR}" +# Check the arch of the machine we're running on. If it's 64-bit, use a 32-bit base image instead +case "$(uname -m)" in + x86_64|aarch64) + BASE_IMAGE=i386/debian:trixie + ;; + *) + BASE_IMAGE=debian:trixie + ;; +esac +${DOCKER} build --build-arg BASE_IMAGE=${BASE_IMAGE} -t pi-gen "${DIR}" + if [ "${CONTAINER_EXISTS}" != "" ]; then - trap 'echo "got CTRL+C... please wait 5s" && ${DOCKER} stop -t 5 ${CONTAINER_NAME}_cont' SIGINT SIGTERM - time ${DOCKER} run --rm --privileged \ - --volume "${CONFIG_FILE}":/config:ro \ - -e "GIT_HASH=${GIT_HASH}" \ - --volumes-from="${CONTAINER_NAME}" --name "${CONTAINER_NAME}_cont" \ - pi-gen \ - bash -e -o pipefail -c "dpkg-reconfigure qemu-user-static && - cd /pi-gen; ./build.sh ${BUILD_OPTS} && - rsync -av work/*/build.log deploy/" & - wait "$!" + DOCKER_CMDLINE_NAME="${CONTAINER_NAME}_cont" + DOCKER_CMDLINE_PRE="--rm" + DOCKER_CMDLINE_POST="--volumes-from=${CONTAINER_NAME}" else - trap 'echo "got CTRL+C... please wait 5s" && ${DOCKER} stop -t 5 ${CONTAINER_NAME}' SIGINT SIGTERM - time ${DOCKER} run --name "${CONTAINER_NAME}" --privileged \ - --volume "${CONFIG_FILE}":/config:ro \ - -e "GIT_HASH=${GIT_HASH}" \ - pi-gen \ - bash -e -o pipefail -c "dpkg-reconfigure qemu-user-static && - cd /pi-gen; ./build.sh ${BUILD_OPTS} && - rsync -av work/*/build.log deploy/" & - wait "$!" + DOCKER_CMDLINE_NAME="${CONTAINER_NAME}" + DOCKER_CMDLINE_PRE="" + DOCKER_CMDLINE_POST="" +fi + +# Check if binfmt_misc is required +binfmt_misc_required=1 +case $(uname -m) in + aarch64) + binfmt_misc_required=0 + ;; + arm*) + binfmt_misc_required=0 + ;; +esac + +# Check if qemu-arm and /proc/sys/fs/binfmt_misc are present +if [[ "${binfmt_misc_required}" == "1" ]]; then + if ! qemu_arm=$(which qemu-arm) ; then + echo "qemu-arm not found (please install qemu-user-binfmt)" + exit 1 + fi + if [ ! -f /proc/sys/fs/binfmt_misc/register ]; then + echo "binfmt_misc required but not mounted, trying to mount it..." + if ! mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc ; then + echo "mounting binfmt_misc failed" + exit 1 + fi + echo "binfmt_misc mounted" + fi + if ! grep -q "^interpreter ${qemu_arm}" /proc/sys/fs/binfmt_misc/qemu-arm* ; then + # Register qemu-arm for binfmt_misc + reg="echo ':qemu-arm-rpi:M::"\ +"\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:"\ +"\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:"\ +"${qemu_arm}:F' > /proc/sys/fs/binfmt_misc/register" + echo "Registering qemu-arm for binfmt_misc..." + sudo bash -c "${reg}" 2>/dev/null || true + fi fi + +trap 'echo "got CTRL+C... please wait 5s" && ${DOCKER} stop -t 5 ${DOCKER_CMDLINE_NAME}' SIGINT SIGTERM +time ${DOCKER} run \ + $DOCKER_CMDLINE_PRE \ + --name "${DOCKER_CMDLINE_NAME}" \ + --privileged \ + ${PIGEN_DOCKER_OPTS} \ + --volume "${CONFIG_FILE}":/config:ro \ + -e "GIT_HASH=${GIT_HASH}" \ + $DOCKER_CMDLINE_POST \ + pi-gen \ + bash -e -o pipefail -c " + dpkg-reconfigure qemu-user-binfmt && + # binfmt_misc is sometimes not mounted with debian trixie image + (mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc || true) && + cd /pi-gen; ./build.sh ${BUILD_OPTS} && + rsync -av work/*/build.log deploy/ + " & + wait "$!" + +# Ensure that deploy/ is always owned by calling user echo "copying results from deploy/" -${DOCKER} cp "${CONTAINER_NAME}":/pi-gen/deploy . +${DOCKER} cp "${CONTAINER_NAME}":/pi-gen/deploy - | tar -xf - + +echo "copying log from container ${CONTAINER_NAME} to deploy/" +${DOCKER} logs --timestamps "${CONTAINER_NAME}" &>deploy/build-docker.log + ls -lah deploy # cleanup diff --git a/build.sh b/build.sh index a8247ab040..3c5d7fb773 100755 --- a/build.sh +++ b/build.sh @@ -1,4 +1,5 @@ #!/bin/bash -e + # shellcheck disable=SC2119 run_sub_stage() { @@ -13,14 +14,14 @@ $(cat "${i}-debconf") SELEOF EOF - log "End ${SUB_STAGE_DIR}/${i}-debconf" + log "End ${SUB_STAGE_DIR}/${i}-debconf" fi if [ -f "${i}-packages-nr" ]; then log "Begin ${SUB_STAGE_DIR}/${i}-packages-nr" PACKAGES="$(sed -f "${SCRIPT_DIR}/remove-comments.sed" < "${i}-packages-nr")" if [ -n "$PACKAGES" ]; then on_chroot << EOF -apt-get -o APT::Acquire::Retries=3 install --no-install-recommends -y $PACKAGES +apt-get -o Acquire::Retries=3 install --no-install-recommends -y $PACKAGES EOF fi log "End ${SUB_STAGE_DIR}/${i}-packages-nr" @@ -30,7 +31,7 @@ EOF PACKAGES="$(sed -f "${SCRIPT_DIR}/remove-comments.sed" < "${i}-packages")" if [ -n "$PACKAGES" ]; then on_chroot << EOF -apt-get -o APT::Acquire::Retries=3 install -y $PACKAGES +apt-get -o Acquire::Retries=3 install -y $PACKAGES EOF fi log "End ${SUB_STAGE_DIR}/${i}-packages" @@ -67,6 +68,8 @@ EOF log "Begin ${SUB_STAGE_DIR}/${i}-run.sh" ./${i}-run.sh log "End ${SUB_STAGE_DIR}/${i}-run.sh" + elif [ -f ${i}-run.sh ]; then + log "Skip ${SUB_STAGE_DIR}/${i}-run.sh (not executable)" fi if [ -f ${i}-run-chroot.sh ]; then log "Begin ${SUB_STAGE_DIR}/${i}-run-chroot.sh" @@ -82,10 +85,14 @@ EOF run_stage(){ log "Begin ${STAGE_DIR}" STAGE="$(basename "${STAGE_DIR}")" + pushd "${STAGE_DIR}" > /dev/null - unmount "${WORK_DIR}/${STAGE}" + STAGE_WORK_DIR="${WORK_DIR}/${STAGE}" ROOTFS_DIR="${STAGE_WORK_DIR}"/rootfs + + unmount "${WORK_DIR}/${STAGE}" + if [ ! -f SKIP_IMAGES ]; then if [ -f "${STAGE_DIR}/EXPORT_IMAGE" ]; then EXPORT_DIRS="${EXPORT_DIRS} ${STAGE_DIR}" @@ -103,13 +110,14 @@ run_stage(){ log "End ${STAGE_DIR}/prerun.sh" fi for SUB_STAGE_DIR in "${STAGE_DIR}"/*; do - if [ -d "${SUB_STAGE_DIR}" ] && - [ ! -f "${SUB_STAGE_DIR}/SKIP" ]; then + if [ -d "${SUB_STAGE_DIR}" ] && [ ! -f "${SUB_STAGE_DIR}/SKIP" ]; then run_sub_stage fi done fi + unmount "${WORK_DIR}/${STAGE}" + PREV_STAGE="${STAGE}" PREV_STAGE_DIR="${STAGE_DIR}" PREV_ROOTFS_DIR="${ROOTFS_DIR}" @@ -117,12 +125,34 @@ run_stage(){ log "End ${STAGE_DIR}" } +term() { + if [ "$?" -ne 0 ]; then + log "Build failed" + else + log "Build finished" + fi + unmount "${STAGE_WORK_DIR}" + if [ "$STAGE" = "export-image" ]; then + for img in "${STAGE_WORK_DIR}/"*.img; do + unmount_image "$img" + done + fi +} + if [ "$(id -u)" != "0" ]; then echo "Please run as root" 1>&2 exit 1 fi BASE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +if [[ $BASE_DIR = *" "* ]]; then + echo "There is a space in the base path of pi-gen" + echo "This is not a valid setup supported by debootstrap." + echo "Please remove the spaces, or move pi-gen directory to a base path without spaces" 1>&2 + exit 1 +fi + export BASE_DIR if [ -f config ]; then @@ -145,32 +175,42 @@ done export PI_GEN=${PI_GEN:-pi-gen} export PI_GEN_REPO=${PI_GEN_REPO:-https://github.com/RPi-Distro/pi-gen} +export PI_GEN_RELEASE=${PI_GEN_RELEASE:-Raspberry Pi reference} -if [ -z "${IMG_NAME}" ]; then - echo "IMG_NAME not set" 1>&2 - exit 1 -fi +export ARCH=armhf +export RELEASE=${RELEASE:-trixie} # Don't forget to update stage0/prerun.sh +export IMG_NAME="${IMG_NAME:-raspios-$RELEASE-$ARCH}" export USE_QEMU="${USE_QEMU:-0}" export IMG_DATE="${IMG_DATE:-"$(date +%Y-%m-%d)"}" export IMG_FILENAME="${IMG_FILENAME:-"${IMG_DATE}-${IMG_NAME}"}" -export ZIP_FILENAME="${ZIP_FILENAME:-"image_${IMG_DATE}-${IMG_NAME}"}" +export ARCHIVE_FILENAME="${ARCHIVE_FILENAME:-"image_${IMG_DATE}-${IMG_NAME}"}" export SCRIPT_DIR="${BASE_DIR}/scripts" -export WORK_DIR="${WORK_DIR:-"${BASE_DIR}/work/${IMG_DATE}-${IMG_NAME}"}" +export WORK_DIR="${WORK_DIR:-"${BASE_DIR}/work/${IMG_NAME}"}" export DEPLOY_DIR=${DEPLOY_DIR:-"${BASE_DIR}/deploy"} -export DEPLOY_ZIP="${DEPLOY_ZIP:-1}" + +# DEPLOY_ZIP was deprecated in favor of DEPLOY_COMPRESSION +# This preserve the old behavior with DEPLOY_ZIP=0 where no archive was created +if [ -z "${DEPLOY_COMPRESSION}" ] && [ "${DEPLOY_ZIP:-1}" = "0" ]; then + echo "DEPLOY_ZIP has been deprecated in favor of DEPLOY_COMPRESSION" + echo "Similar behavior to DEPLOY_ZIP=0 can be obtained with DEPLOY_COMPRESSION=none" + echo "Please update your config file" + DEPLOY_COMPRESSION=none +fi +export DEPLOY_COMPRESSION=${DEPLOY_COMPRESSION:-zip} +export COMPRESSION_LEVEL=${COMPRESSION_LEVEL:-6} export LOG_FILE="${WORK_DIR}/build.log" export TARGET_HOSTNAME=${TARGET_HOSTNAME:-raspberrypi} export FIRST_USER_NAME=${FIRST_USER_NAME:-pi} -export FIRST_USER_PASS=${FIRST_USER_PASS:-raspberry} -export RELEASE=${RELEASE:-buster} -export WPA_ESSID -export WPA_PASSWORD +export FIRST_USER_PASS +export DISABLE_FIRST_BOOT_USER_RENAME=${DISABLE_FIRST_BOOT_USER_RENAME:-0} +export PASSWORDLESS_SUDO="${PASSWORDLESS_SUDO:-0}" export WPA_COUNTRY export ENABLE_SSH="${ENABLE_SSH:-0}" +export PUBKEY_ONLY_SSH="${PUBKEY_ONLY_SSH:-0}" export LOCALE_DEFAULT="${LOCALE_DEFAULT:-en_GB.UTF-8}" @@ -181,9 +221,11 @@ export TIMEZONE_DEFAULT="${TIMEZONE_DEFAULT:-Europe/London}" export GIT_HASH=${GIT_HASH:-"$(git rev-parse HEAD)"} +export PUBKEY_SSH_FIRST_USER + export CLEAN -export IMG_NAME export APT_PROXY +export TEMP_REPO export STAGE export STAGE_DIR @@ -203,19 +245,61 @@ export QUILT_NO_DIFF_INDEX=1 export QUILT_NO_DIFF_TIMESTAMPS=1 export QUILT_REFRESH_ARGS="-p ab" +export ENABLE_CLOUD_INIT=${ENABLE_CLOUD_INIT:-1} + # shellcheck source=scripts/common source "${SCRIPT_DIR}/common" # shellcheck source=scripts/dependencies_check source "${SCRIPT_DIR}/dependencies_check" +if [ "$SETFCAP" != "1" ]; then + export CAPSH_ARG="--drop=cap_setfcap" +fi + +mkdir -p "${WORK_DIR}" +trap term EXIT INT TERM + dependencies_check "${BASE_DIR}/depends" + +PAGESIZE=$(getconf PAGESIZE) +if [ "$ARCH" == "armhf" ] && [ "$PAGESIZE" != "4096" ]; then + echo + echo "ERROR: Building an $ARCH image requires a kernel with a 4k page size (current: $PAGESIZE)" + echo "On Raspberry Pi OS (64-bit), you can switch to a suitable kernel by adding the following to /boot/firmware/config.txt and rebooting:" + echo + echo "kernel=kernel8.img" + echo "initramfs initramfs8 followkernel" + echo + exit 1 +fi + +echo "Checking native $ARCH executable support..." +if ! arch-test -n "$ARCH"; then + echo "WARNING: Only a native build environment is supported. Checking emulated support..." + if ! arch-test "$ARCH"; then + echo "No fallback mechanism found. Ensure your OS has binfmt_misc support enabled and configured." + exit 1 + fi +fi + #check username is valid if [[ ! "$FIRST_USER_NAME" =~ ^[a-z][-a-z0-9_]*$ ]]; then echo "Invalid FIRST_USER_NAME: $FIRST_USER_NAME" exit 1 fi +if [[ "$DISABLE_FIRST_BOOT_USER_RENAME" == "1" ]] && [ -z "${FIRST_USER_PASS}" ]; then + echo "To disable user rename on first boot, FIRST_USER_PASS needs to be set" + echo "Not setting FIRST_USER_PASS makes your system vulnerable and open to cyberattacks" + exit 1 +fi + +if [[ "$DISABLE_FIRST_BOOT_USER_RENAME" == "1" ]]; then + echo "User rename on the first boot is disabled" + echo "Be advised of the security risks linked to shipping a device with default username/password set." +fi + if [[ -n "${APT_PROXY}" ]] && ! curl --silent "${APT_PROXY}" >/dev/null ; then echo "Could not reach APT_PROXY server: ${APT_PROXY}" exit 1 @@ -226,10 +310,22 @@ if [[ -n "${WPA_PASSWORD}" && ${#WPA_PASSWORD} -lt 8 || ${#WPA_PASSWORD} -gt 63 exit 1 fi -mkdir -p "${WORK_DIR}" +if [[ "${PUBKEY_ONLY_SSH}" = "1" && -z "${PUBKEY_SSH_FIRST_USER}" ]]; then + echo "Must set 'PUBKEY_SSH_FIRST_USER' to a valid SSH public key if using PUBKEY_ONLY_SSH" + exit 1 +fi + log "Begin ${BASE_DIR}" STAGE_LIST=${STAGE_LIST:-${BASE_DIR}/stage*} +export STAGE_LIST + +EXPORT_CONFIG_DIR=$(realpath "${EXPORT_CONFIG_DIR:-"${BASE_DIR}/export-image"}") +if [ ! -d "${EXPORT_CONFIG_DIR}" ]; then + echo "EXPORT_CONFIG_DIR invalid: ${EXPORT_CONFIG_DIR} does not exist" + exit 1 +fi +export EXPORT_CONFIG_DIR for STAGE_DIR in $STAGE_LIST; do STAGE_DIR=$(realpath "${STAGE_DIR}") @@ -238,7 +334,7 @@ done CLEAN=1 for EXPORT_DIR in ${EXPORT_DIRS}; do - STAGE_DIR=${BASE_DIR}/export-image + STAGE_DIR=${EXPORT_CONFIG_DIR} # shellcheck source=/dev/null source "${EXPORT_DIR}/EXPORT_IMAGE" EXPORT_ROOTFS_DIR=${WORK_DIR}/$(basename "${EXPORT_DIR}")/rootfs @@ -253,7 +349,7 @@ for EXPORT_DIR in ${EXPORT_DIRS}; do fi done -if [ -x ${BASE_DIR}/postrun.sh ]; then +if [ -x "${BASE_DIR}/postrun.sh" ]; then log "Begin postrun.sh" cd "${BASE_DIR}" ./postrun.sh diff --git a/depends b/depends index a86bc82123..0aa89cb29c 100644 --- a/depends +++ b/depends @@ -1,13 +1,14 @@ quilt parted realpath:coreutils -qemu-arm-static:qemu-user-static +qemu-arm:qemu-user-binfmt debootstrap zerofree zip mkdosfs:dosfstools +mke2fs:e2fsprogs capsh:libcap2-bin -bsdtar +bsdtar:libarchive-tools grep rsync xz:xz-utils @@ -17,3 +18,6 @@ file git lsmod:kmod bc +gpg +pigz +arch-test diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index f733860857..0000000000 --- a/docker-compose.yml +++ /dev/null @@ -1,10 +0,0 @@ -version: '2' - -services: - apt-cacher-ng: - restart: unless-stopped - image: sameersbn/apt-cacher-ng:latest - ports: - - "3142:3142" - volumes: - - ./apt-cacher-ng:/var/cache/apt-cacher-ng diff --git a/export-image/00-allow-rerun/00-run.sh b/export-image/00-allow-rerun/00-run.sh index dd67f4cbe4..860ed51a6a 100755 --- a/export-image/00-allow-rerun/00-run.sh +++ b/export-image/00-allow-rerun/00-run.sh @@ -1,9 +1,5 @@ #!/bin/bash -e -if [ ! -x "${ROOTFS_DIR}/usr/bin/qemu-arm-static" ]; then - cp /usr/bin/qemu-arm-static "${ROOTFS_DIR}/usr/bin/" -fi - if [ -e "${ROOTFS_DIR}/etc/ld.so.preload" ]; then mv "${ROOTFS_DIR}/etc/ld.so.preload" "${ROOTFS_DIR}/etc/ld.so.preload.disabled" fi diff --git a/export-image/01-set-sources/01-run.sh b/export-image/01-set-sources/01-run.sh deleted file mode 100755 index 86dea2d879..0000000000 --- a/export-image/01-set-sources/01-run.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -e - -on_chroot << EOF -apt-get update -apt-get -y dist-upgrade -apt-get clean -EOF diff --git a/export-image/01-user-rename/00-packages b/export-image/01-user-rename/00-packages new file mode 100644 index 0000000000..e8b69fc4e2 --- /dev/null +++ b/export-image/01-user-rename/00-packages @@ -0,0 +1 @@ +userconf-pi diff --git a/export-image/01-user-rename/01-run.sh b/export-image/01-user-rename/01-run.sh new file mode 100755 index 0000000000..aa5dd94102 --- /dev/null +++ b/export-image/01-user-rename/01-run.sh @@ -0,0 +1,9 @@ +#!/bin/bash -e + +if [[ "${DISABLE_FIRST_BOOT_USER_RENAME}" == "0" ]]; then + on_chroot <<- EOF + SUDO_USER="${FIRST_USER_NAME}" rename-user -f -s + EOF +else + rm -f "${ROOTFS_DIR}/etc/xdg/autostart/piwiz.desktop" +fi diff --git a/export-image/02-set-sources/01-run.sh b/export-image/02-set-sources/01-run.sh new file mode 100755 index 0000000000..d93efdfc91 --- /dev/null +++ b/export-image/02-set-sources/01-run.sh @@ -0,0 +1,10 @@ +#!/bin/bash -e + +rm -f "${ROOTFS_DIR}/etc/apt/apt.conf.d/51cache" +rm -f "${ROOTFS_DIR}/etc/apt/sources.list.d/00-temp.list" +find "${ROOTFS_DIR}/var/lib/apt/lists/" -type f -delete +on_chroot << EOF +apt-get update +apt-get -y dist-upgrade --auto-remove --purge +apt-get clean +EOF diff --git a/export-image/02-network/01-run.sh b/export-image/03-network/01-run.sh similarity index 100% rename from export-image/02-network/01-run.sh rename to export-image/03-network/01-run.sh diff --git a/export-image/02-network/files/resolv.conf b/export-image/03-network/files/resolv.conf similarity index 100% rename from export-image/02-network/files/resolv.conf rename to export-image/03-network/files/resolv.conf diff --git a/export-image/03-set-partuuid/00-run.sh b/export-image/04-set-partuuid/00-run.sh similarity index 94% rename from export-image/03-set-partuuid/00-run.sh rename to export-image/04-set-partuuid/00-run.sh index 1538c07f24..99500f36fb 100755 --- a/export-image/03-set-partuuid/00-run.sh +++ b/export-image/04-set-partuuid/00-run.sh @@ -10,4 +10,4 @@ ROOT_PARTUUID="${IMGID}-02" sed -i "s/BOOTDEV/PARTUUID=${BOOT_PARTUUID}/" "${ROOTFS_DIR}/etc/fstab" sed -i "s/ROOTDEV/PARTUUID=${ROOT_PARTUUID}/" "${ROOTFS_DIR}/etc/fstab" -sed -i "s/ROOTDEV/PARTUUID=${ROOT_PARTUUID}/" "${ROOTFS_DIR}/boot/cmdline.txt" +sed -i "s/ROOTDEV/PARTUUID=${ROOT_PARTUUID}/" "${ROOTFS_DIR}/boot/firmware/cmdline.txt" diff --git a/export-image/04-finalise/01-run.sh b/export-image/05-finalise/01-run.sh similarity index 51% rename from export-image/04-finalise/01-run.sh rename to export-image/05-finalise/01-run.sh index 0864639b23..304b716ebc 100755 --- a/export-image/04-finalise/01-run.sh +++ b/export-image/05-finalise/01-run.sh @@ -2,21 +2,31 @@ IMG_FILE="${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.img" INFO_FILE="${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.info" +SBOM_FILE="${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.sbom" +BMAP_FILE="${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.bmap" -on_chroot << EOF -if [ -x /etc/init.d/fake-hwclock ]; then - /etc/init.d/fake-hwclock stop -fi -if hash hardlink 2>/dev/null; then - hardlink -t /usr/share/doc -fi +on_chroot <<- EOF + update-initramfs -k all -c + if hash hardlink 2>/dev/null; then + hardlink -t /usr/share/doc + fi + if [ -f /usr/lib/systemd/system/apt-listchanges.service ]; then + python3 -m apt_listchanges.populate_database --profile apt + systemctl disable apt-listchanges.timer + fi + install -m 755 -o systemd-timesync -g systemd-timesync -d /var/lib/systemd/timesync + install -m 644 -o systemd-timesync -g systemd-timesync /dev/null /var/lib/systemd/timesync/clock EOF +if [ -f "${ROOTFS_DIR}/etc/initramfs-tools/update-initramfs.conf" ]; then + sed -i 's/^update_initramfs=.*/update_initramfs=yes/' "${ROOTFS_DIR}/etc/initramfs-tools/update-initramfs.conf" + sed -i 's/^MODULES=.*/MODULES=dep/' "${ROOTFS_DIR}/etc/initramfs-tools/initramfs.conf" +fi + if [ -d "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.config" ]; then chmod 700 "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.config" fi -rm -f "${ROOTFS_DIR}/etc/apt/apt.conf.d/51cache" rm -f "${ROOTFS_DIR}/usr/bin/qemu-arm-static" if [ "${USE_QEMU}" != "1" ]; then @@ -44,7 +54,7 @@ rm -f "${ROOTFS_DIR}"/usr/share/icons/*/icon-theme.cache rm -f "${ROOTFS_DIR}/var/lib/dbus/machine-id" -true > "${ROOTFS_DIR}/etc/machine-id" +echo "uninitialized" > "${ROOTFS_DIR}/etc/machine-id" ln -nsf /proc/mounts "${ROOTFS_DIR}/etc/mtab" @@ -54,11 +64,13 @@ rm -f "${ROOTFS_DIR}/root/.vnc/private.key" rm -f "${ROOTFS_DIR}/etc/vnc/updateid" update_issue "$(basename "${EXPORT_DIR}")" -install -m 644 "${ROOTFS_DIR}/etc/rpi-issue" "${ROOTFS_DIR}/boot/issue.txt" +install -m 644 "${ROOTFS_DIR}/etc/rpi-issue" "${ROOTFS_DIR}/boot/firmware/issue.txt" +if ! [ -L "${ROOTFS_DIR}/boot/issue.txt" ]; then + ln -s firmware/issue.txt "${ROOTFS_DIR}/boot/issue.txt" +fi cp "$ROOTFS_DIR/etc/rpi-issue" "$INFO_FILE" - { if [ -f "$ROOTFS_DIR/usr/share/doc/raspberrypi-kernel/changelog.Debian.gz" ]; then firmware=$(zgrep "firmware as of" \ @@ -77,25 +89,56 @@ cp "$ROOTFS_DIR/etc/rpi-issue" "$INFO_FILE" dpkg -l --root "$ROOTFS_DIR" } >> "$INFO_FILE" -ROOT_DEV="$(mount | grep "${ROOTFS_DIR} " | cut -f1 -d' ')" +if hash syft 2>/dev/null; then + syft scan dir:"${ROOTFS_DIR}" \ + --base-path="${ROOTFS_DIR}" \ + --source-name="${IMG_NAME}${IMG_SUFFIX}" \ + --source-version="${IMG_DATE}" \ + -o spdx-json="${SBOM_FILE}" +fi + +ROOT_DEV="$(awk "\$2 == \"${ROOTFS_DIR}\" {print \$1}" /etc/mtab)" unmount "${ROOTFS_DIR}" zerofree "${ROOT_DEV}" unmount_image "${IMG_FILE}" +if hash bmaptool 2>/dev/null; then + bmaptool create \ + -o "${BMAP_FILE}" \ + "${IMG_FILE}" +fi + mkdir -p "${DEPLOY_DIR}" -rm -f "${DEPLOY_DIR}/${ZIP_FILENAME}${IMG_SUFFIX}.zip" +rm -f "${DEPLOY_DIR}/${ARCHIVE_FILENAME}${IMG_SUFFIX}.*" rm -f "${DEPLOY_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.img" -if [ "${DEPLOY_ZIP}" == "1" ]; then +case "${DEPLOY_COMPRESSION}" in +zip) pushd "${STAGE_WORK_DIR}" > /dev/null - zip "${DEPLOY_DIR}/${ZIP_FILENAME}${IMG_SUFFIX}.zip" \ - "$(basename "${IMG_FILE}")" + zip -"${COMPRESSION_LEVEL}" \ + "${DEPLOY_DIR}/${ARCHIVE_FILENAME}${IMG_SUFFIX}.zip" "$(basename "${IMG_FILE}")" popd > /dev/null -else - cp "$IMG_FILE" "$DEPLOY_DIR" + ;; +gz) + pigz --force -"${COMPRESSION_LEVEL}" "$IMG_FILE" --stdout > \ + "${DEPLOY_DIR}/${ARCHIVE_FILENAME}${IMG_SUFFIX}.img.gz" + ;; +xz) + xz --compress --force --threads 0 --memlimit-compress=50% -"${COMPRESSION_LEVEL}" \ + --stdout "$IMG_FILE" > "${DEPLOY_DIR}/${ARCHIVE_FILENAME}${IMG_SUFFIX}.img.xz" + ;; +none | *) + cp "$IMG_FILE" "$DEPLOY_DIR/" +;; +esac + +if [ -f "${SBOM_FILE}" ]; then + xz -c "${SBOM_FILE}" > "$DEPLOY_DIR/$(basename "${SBOM_FILE}").xz" fi - -cp "$INFO_FILE" "$DEPLOY_DIR" +if [ -f "${BMAP_FILE}" ]; then + cp "$BMAP_FILE" "$DEPLOY_DIR/" +fi +cp "$INFO_FILE" "$DEPLOY_DIR/" diff --git a/export-image/prerun.sh b/export-image/prerun.sh index 8bbc566e06..ba5ea2bc08 100755 --- a/export-image/prerun.sh +++ b/export-image/prerun.sh @@ -9,11 +9,11 @@ rm -f "${IMG_FILE}" rm -rf "${ROOTFS_DIR}" mkdir -p "${ROOTFS_DIR}" -BOOT_SIZE="$((256 * 1024 * 1024))" -ROOT_SIZE=$(du --apparent-size -s "${EXPORT_ROOTFS_DIR}" --exclude var/cache/apt/archives --exclude boot --block-size=1 | cut -f 1) +BOOT_SIZE="$((512 * 1024 * 1024))" +ROOT_SIZE=$(du -x --apparent-size -s "${EXPORT_ROOTFS_DIR}" --exclude var/cache/apt/archives --exclude boot/firmware --block-size=1 | cut -f 1) # All partition sizes and starts will be aligned to this size -ALIGN="$((4 * 1024 * 1024))" +ALIGN="$((8 * 1024 * 1024))" # Add this much space to the calculated file size. This allows for # some overhead (since actual space usage is usually rounded up to the # filesystem block size) and gives some free space on the resulting @@ -32,30 +32,42 @@ parted --script "${IMG_FILE}" mklabel msdos parted --script "${IMG_FILE}" unit B mkpart primary fat32 "${BOOT_PART_START}" "$((BOOT_PART_START + BOOT_PART_SIZE - 1))" parted --script "${IMG_FILE}" unit B mkpart primary ext4 "${ROOT_PART_START}" "$((ROOT_PART_START + ROOT_PART_SIZE - 1))" -PARTED_OUT=$(parted -sm "${IMG_FILE}" unit b print) -BOOT_OFFSET=$(echo "$PARTED_OUT" | grep -e '^1:' | cut -d':' -f 2 | tr -d B) -BOOT_LENGTH=$(echo "$PARTED_OUT" | grep -e '^1:' | cut -d':' -f 4 | tr -d B) - -ROOT_OFFSET=$(echo "$PARTED_OUT" | grep -e '^2:' | cut -d':' -f 2 | tr -d B) -ROOT_LENGTH=$(echo "$PARTED_OUT" | grep -e '^2:' | cut -d':' -f 4 | tr -d B) +echo "Creating loop device..." +cnt=0 +until ensure_next_loopdev && LOOP_DEV="$(losetup --show --find --partscan "$IMG_FILE")"; do + if [ $cnt -lt 5 ]; then + cnt=$((cnt + 1)) + echo "Error in losetup. Retrying..." + sleep 5 + else + echo "ERROR: losetup failed; exiting" + exit 1 + fi +done -BOOT_DEV=$(losetup --show -f -o "${BOOT_OFFSET}" --sizelimit "${BOOT_LENGTH}" "${IMG_FILE}") -ROOT_DEV=$(losetup --show -f -o "${ROOT_OFFSET}" --sizelimit "${ROOT_LENGTH}" "${IMG_FILE}") -echo "/boot: offset $BOOT_OFFSET, length $BOOT_LENGTH" -echo "/: offset $ROOT_OFFSET, length $ROOT_LENGTH" +ensure_loopdev_partitions "$LOOP_DEV" +BOOT_DEV="${LOOP_DEV}p1" +ROOT_DEV="${LOOP_DEV}p2" ROOT_FEATURES="^huge_file" -for FEATURE in metadata_csum 64bit; do - if grep -q "$FEATURE" /etc/mke2fs.conf; then - ROOT_FEATURES="^$FEATURE,$ROOT_FEATURES" - fi +for FEATURE in 64bit; do +if grep -q "$FEATURE" /etc/mke2fs.conf; then + ROOT_FEATURES="^$FEATURE,$ROOT_FEATURES" +fi done -mkdosfs -n boot -F 32 -v "$BOOT_DEV" > /dev/null + +if [ "$BOOT_SIZE" -lt 134742016 ]; then + FAT_SIZE=16 +else + FAT_SIZE=32 +fi + +mkdosfs -n bootfs -F "$FAT_SIZE" -s 1 -v "$BOOT_DEV" > /dev/null mkfs.ext4 -L rootfs -O "$ROOT_FEATURES" "$ROOT_DEV" > /dev/null mount -v "$ROOT_DEV" "${ROOTFS_DIR}" -t ext4 -mkdir -p "${ROOTFS_DIR}/boot" -mount -v "$BOOT_DEV" "${ROOTFS_DIR}/boot" -t vfat +mkdir -p "${ROOTFS_DIR}/boot/firmware" +mount -v "$BOOT_DEV" "${ROOTFS_DIR}/boot/firmware" -t vfat -rsync -aHAXx --exclude /var/cache/apt/archives --exclude /boot "${EXPORT_ROOTFS_DIR}/" "${ROOTFS_DIR}/" -rsync -rtx "${EXPORT_ROOTFS_DIR}/boot/" "${ROOTFS_DIR}/boot/" +rsync -aHAXx --exclude /var/cache/apt/archives --exclude /boot/firmware "${EXPORT_ROOTFS_DIR}/" "${ROOTFS_DIR}/" +rsync -rtx "${EXPORT_ROOTFS_DIR}/boot/firmware/" "${ROOTFS_DIR}/boot/firmware/" diff --git a/export-noobs/00-release/00-run.sh b/export-noobs/00-release/00-run.sh index 18a3a5dcd6..513cbfd26d 100755 --- a/export-noobs/00-release/00-run.sh +++ b/export-noobs/00-release/00-run.sh @@ -1,6 +1,6 @@ #!/bin/bash -e -NOOBS_DIR="${STAGE_WORK_DIR}/${IMG_DATE}-${IMG_NAME}${IMG_SUFFIX}" +NOOBS_DIR="${STAGE_WORK_DIR}/${IMG_NAME}${IMG_SUFFIX}" install -v -m 744 files/partition_setup.sh "${NOOBS_DIR}/" install -v files/partitions.json "${NOOBS_DIR}/" @@ -20,7 +20,7 @@ BOOT_SIZE="$(( BOOT_SIZE / 1024 / 1024 + 1))" ROOT_SIZE="$(( ROOT_SIZE / 1024 / 1024 + 1))" BOOT_NOM="256" -ROOT_NOM="$(( ROOT_SIZE + 400 ))" +ROOT_NOM="$(echo "$ROOT_SIZE" | awk '{printf "%.0f", (($1 + 400) * 1.2) + 0.5 }')" mv "${NOOBS_DIR}/OS.png" "${NOOBS_DIR}/${NOOBS_NAME// /_}.png" @@ -37,6 +37,7 @@ sed "${NOOBS_DIR}/os.json" -i -e "s|UNRELEASED|${IMG_DATE}|" sed "${NOOBS_DIR}/os.json" -i -e "s|NOOBS_NAME|${NOOBS_NAME}|" sed "${NOOBS_DIR}/os.json" -i -e "s|NOOBS_DESCRIPTION|${NOOBS_DESCRIPTION}|" sed "${NOOBS_DIR}/os.json" -i -e "s|RELEASE|${RELEASE}|" +sed "${NOOBS_DIR}/os.json" -i -e "s|KERNEL|$(cat "${STAGE_WORK_DIR}/kernel_version")|" sed "${NOOBS_DIR}/release_notes.txt" -i -e "s|UNRELEASED|${IMG_DATE}|" diff --git a/export-noobs/00-release/files/OS.png b/export-noobs/00-release/files/OS.png index 02b67cf7e9..3091bf9506 100644 Binary files a/export-noobs/00-release/files/OS.png and b/export-noobs/00-release/files/OS.png differ diff --git a/export-noobs/00-release/files/os.json b/export-noobs/00-release/files/os.json index e231238be6..6cc0e36d80 100644 --- a/export-noobs/00-release/files/os.json +++ b/export-noobs/00-release/files/os.json @@ -1,7 +1,7 @@ { "description": "NOOBS_DESCRIPTION", "feature_level": 35120124, - "kernel": "4.19", + "kernel": "KERNEL", "name": "NOOBS_NAME", "password": "raspberry", "release_date": "UNRELEASED", diff --git a/export-noobs/00-release/files/partitions.json b/export-noobs/00-release/files/partitions.json index 3d060173a3..8ca103d545 100644 --- a/export-noobs/00-release/files/partitions.json +++ b/export-noobs/00-release/files/partitions.json @@ -3,7 +3,7 @@ { "filesystem_type": "FAT", "label": "boot", - "mkfs_options": "-F 32", + "mkfs_options": "-F 32 -s 4", "partition_size_nominal": BOOT_NOM, "uncompressed_tarball_size": BOOT_SIZE, "want_maximised": false, diff --git a/export-noobs/00-release/files/release_notes.txt b/export-noobs/00-release/files/release_notes.txt index bde0861e8a..daa8bf17e0 100644 --- a/export-noobs/00-release/files/release_notes.txt +++ b/export-noobs/00-release/files/release_notes.txt @@ -1,6 +1,590 @@ UNRELEASED: * -2020-05-27 +2026-04-13: + * Passwordless sudo now disabled by default + * Switch to enable passwordless sudo added to Control Centre System tab and to raspi-config + * New Main Menu tab added to Control Centre to allow editing of main menu; alacarte menu editor removed + * Main menu now launches applications using standard gtk-launch code + * Run and Shutdown options in main menu now packaged applications instead of hard-coded into menu + * New launcher and task list plugins for taskbar; launcher now supports drag and drop to reorganise icons + * uBlock Origin Lite and h264ify plugins installed in Chromium by default + * cups-browsed printer discovery service now starts and stops with Control Centre rather than running continuously + * libpam-gnome-keyring installed to integrate Chromium password management with system password + * Desktop tab in Control Centre now allows home folder to be displayed on desktop instead of documents folder + * Pulseaudio no longer installed by default; raspi-config option to use it also removed + * Direct control of pipewire audio integrated with first-boot wizard + * Improved mechanism to detect clicking away from panel popup windows, compatible with Connect + * More efficient method for detecting desktop being closed to re-enable power button + * Bug fix - keystrokes sometimes being missed when opening search box in main menu + * Bug fix - touchscreens not correctly configured by Control Centre under X + * Bug fix - opening Control Centre when an SD card was mounted caused the window to be too big + * Bug fix - some mouse cursors displaying incorrectly when screen scaling in use + * Bug fix - file manager crash when switching TTYs + * Bug fix - greeter crash when switching TTYs + * Raspberry Pi firmware dce3a7f35498e1a6340748f599e7d74d9001c1fe + * Linux kernel 6.12.75 - 89050b1059997d38d55462b323b099a6436dc10d +2025-12-04: + * Added ability to safely eject HDD and NVMe drives connected via USB + * Added Alt-F2 shortcut to open run dialog in labwc desktop + * Screens control panel no longer creates a default kanshi config file when started + * Bug fix - crash when using mounted drives or wastebasket in Places view + * Bug fix - crash when unloading system monitor plugin + * Bug fix - crash when power-cycling audio devices + * Bug fix - Bluetooth plugin icon not being hidden correctly on devices with no Bluetooth hardware + * Bug fix - crash in file manager which switching to a TTY + * Raspberry Pi firmware 676efed1194de38975889a34276091da1f5aadd3 + * Linux kernel 6.12.47 - 359f37f0faefb712add32a39f98751aea67d5c1f +2025-11-24: + * Upgrade to version 0.9.2 of labwc + * Support for setting HiDPI scaling added to Screens control panel + * Support for HiDPI icons added to panel, file manager and various applications + * Alacarte menu editor reinstated in image + * Pulseaudio removed from image + * Icons added to Wayland task switcher + * Openbox window appearance changed to match labwc + * Volume sliders and calendar popups close when icon clicked + * Support for themeing Qt6 applications added + * Font selection for Qt5 applications corrected + * Control Centre plugin dialogs hidden from taskbar + * Correct icons used for external drives + * Portuguese translations updated + * Chromium updated to version 142.0.7444.162 + * Firefox updated to version 145.0 + * Raspberry Pi firmware 676efed1194de38975889a34276091da1f5aadd3 + * Linux kernel 6.12.47 - 359f37f0faefb712add32a39f98751aea67d5c1f + * New Downloads signing key fingerprint: + - F4AA DD86 C468 7D69 AE04 543E 796C 114A D12B 2292 +2025-10-01: + * Based on Debian Trixie release + * New plugin-based Control Centre application + * Plugins for same built from existing Raspberry Pi Configuration, Appearance + Settings, Mouse and Keyboard Settings, Screen Configuration and Printer + Settings applications; code and functionality identical + * New icon theme, PiXtrix + * New GTK themes, PiXtrix (standard) and PiXonyx (dark) + * New desktop wallpapers + * New system font, Nunito Sans Light + * lxpanel replaced with forked lxpanel-pi; unsupported plugins removed + * lxpanelctl replaced with lxpanelctl-pi command-line application + * New System Monitor plugin added to taskbar for power and other warnings + * New shared Clock plugin added for wf-panel-pi and lxpanel-pi taskbars + * Main menu shortcuts to Raspberry Pi website removed and replaced with + pre-loaded bookmarks in Chromium and Firefox + * Main menu shortcut to Raspberry Pi Beginner's Guide added + * Bookshelf application now displays contributor-only titles and includes + option to contribute to unlock them + * SenseHAT Emulator reinstated in Recommended Software + * labwc updated to version 0.8.4 + * General keyboard control improvements in GTK applications + * International translations of user guides installed by startup wizard as + appropriate + * raspberrypi-ui-mods package removed - replaced with structured metapackage, + rpd-metas + * Shutdown helper does not offer lock screen option when invoked by a user + who has no password set + * Chromium updated to version 140.0.7339.185 + * Firefox updated to version 142.0.1 + * Debian Reference no longer included + * Alacarte menu editor no longer included + * Remote GPIO option removed from Control Centre + * Added rpi-keyboard-config and rpi-keyboard-fw-update + * Raspberry Pi firmware 676efed1194de38975889a34276091da1f5aadd3 + * Linux kernel 6.12.47 - 359f37f0faefb712add32a39f98751aea67d5c1f +2025-05-13: + * Setting touchscreen in Screen Configuration does not delete default associations for greeter + * Bug fix - wizard keyboard setting correctly transferred into desktop + * Chromium updated to 136.0.7103.92 + * Raspberry Pi firmware bc7f439c234e19371115e07b57c366df59cc1bc7 + * Linux kernel 6.12.25 - 3dd2c2c507c271d411fab2e82a2b3b7e0b6d3f16 +2025-05-06: + * New mouse and keyboard settings application, rasputin, to replace lxinput + * New printer application, rpinters, to replace system-config-printer + * Added swaylock screen lock application for labwc - use ctrl-alt-L to lock, or access via new option in Shutdown Options + * Added separate settings for console and desktop autologin to raspi-config and Raspberry Pi Configuration + * New command-line password prompt application, sudopwd, to replace zenity password prompts + * New command-line dialog tool, zenoty, to replace zenity error, information, warning and question dialogs + * labwc updated to version 0.8.1 + * wf-panel-pi startup optimised - now starts much faster + * Network manager plugin updated from latest upstream code + * Busy indication (watch cursor) added to first boot wizard + * uBlock Origin Lite now installed by default in Chromium, as it is no longer possible to preinstall uBlock Origin + * Added compatibility with recent kernel to GPU plugin and task manager + * Added more default touchscreen associations + * Added ability to select mouse emulation or multitouch mode for touchscreens in Screen Configuration + * Added ability to set monitor on which squeekboard on-screen keyboard is shown in Raspberry Pi Configuration + * Plugins for lxpanel and wf-panel-pi restructured to build from shared projects for each, to reduce any divergence between them + * Apperance Settings and Raspberry Pi Configuration reviewed - various minor inconsistencies between X and Wayland addressed + * HackSpace removed from Bookshelf application + * Bug fix - correctly position panel menus on secondary monitor under X + * Bug fix - prevent desktop pictures overflowing bounds of monitors + * Bug fix - squeekboard not starting unless a specific monitor had been set for it + * Bug fix - some application icons, including Chromium web apps, were incorrect on the taskbar + * Bug fix - greeter keyboard layout was being reset on updates + * Bug fix - main menu submenus were not scrollable if they didn't fit the screen + * Bug fix - Connect plugin now more accurately detects when Connect is installed and uninstalled + * Bug fix - modified wfpanelctl to work correctly when called via PackageKit + * Various other minor tweaks and updates + * Chromium updated to 135.0.7049.84 + * Firefox updated to 138.0 + * Raspberry Pi firmware bc7f439c234e19371115e07b57c366df59cc1bc7 + * Linux kernel 6.12.25 - 3dd2c2c507c271d411fab2e82a2b3b7e0b6d3f16 +2024-10-22: + * labwc compositor now used as the default on all models of Raspberry Pi + * wf-panel-pi now loads plugins dynamically at runtime + * New raindrop screen configuration tool to replace arandr + * squeekboard on-screen keyboard installed; will automatically run on systems + with touchscreens, and can be manually enabled in rc-gui for others + * Improved support for touchscreens - long press for right-click, and + double-tap for double-click + * Update installer moved out of panel code into separate gui-updater package + * Missing cursors added to icon theme + * Wizard no longer auto-pairs Bluetooth HID devices by default - create the + file "/boot/firmware/btautopair" to enable, or reboot wizard after first run + * Modified handling of Pi 5 power button to reduce CPU load when in shutdown + dialog + * Raspberry Pi Connect now controlled by dedicated panel plugin instead of + system tray icon and option in rc-gui + * Screen sharing in Raspberry Pi Connect now available as soon as a running + WayVNC server is detected + * Safety info URL added to main menu + * Chromium package renamed from chromium-browser to chromium + * Various memory leaks in pcmanfm fixed + * Bug fix - crash when running Appearance Settings on headless systems + * Bug fix - crash when opening icon chooser in application properties dialog + * Translations updated + * Chromium updated to 130.0.6723.58 + * Firefox updated to 131.0.3 + * Raspberry Pi firmware a2e586ba98ce68f7d11b1c717ad8329b95dcb3b6 + * Linux kernel 6.6.51 - 5aeecea9f4a45248bcf564dec924965e066a7bfd +2024-07-04: + * pipanel - allow customisation of more than 2 desktops + * pipanel - add customisation for labwc + * gui-pkinst - add whitelist to restrict installation to specified packages only + * pixflat-theme - add theme settings for labwc + * pishutdown - revert to original use of pkill to close desktop + * piclone - fix for potential buffer overflow vulnerability (that would never have actually happened…) + * lp-connection-editor - fix dialog icons on taskbar + * rp-prefapps - add Raspberry Pi Connect; remove SmartSim + * piwiz - add page to enable / disable Raspberry Pi Connect + * wf-panel-pi - constrain main menu to fit on small screens + * wf-panel-pi - fix dialog icons on taskbar + * wf-panel-pi - fix keyboard handling and icon highlighting for taskbar buttons + * raspberrypi-ui-mods - add configuration for labwc + * raspberrypi-ui-mods - add support for new touchscreens + * raspberrypi-ui-mods - systemd-inhibit used to override hardware power key on Pi 5 + * rc-gui - add configuration of alternate keyboard layout + * rc-gui - add switching for Raspberry Pi Connect + * arandr - add brightness control for DSI displays + * arandr - more reliable method to detect virtual displays + * raspi-config - add setting of keyboard options + * raspi-config - add setting of PCIe speed + * raspi-config - add switching for Raspberry Pi Connect + * wayvnc - better handling for virtual displays + * wayvnc - improved encryption support + * GTK-3 - add keyboard shortcuts in combo boxes + * pcmanfm - allow customisation of more than 2 desktops + * pcmanfm - fix bug causing crash and inconsistent behaviour on certain drag and drop operations + * raspberrypi-sys-mods - add udev rule to allow backlight change + * raspberrypi-sys-mods - increase swapfile size + * raspberrypi-sys-mods - remove symlinks from paths in initramfs scripts + * wayfire - fix for crash when opening multiple Xwayland windows + * wayfire - fix for touchscreen bug when touching areas without windows + * labwc compositor installed as an alternative to wayfire; can be enabled in raspi-config + * various small bug fixes and tweaks + * Chromium updated to 125.0.6422.133 + * Firefox updated to 126.0 + * Raspberry Pi firmware 3590de0c181d433af368a95f15bc480bdaff8b47 + * Linux kernel 6.6.31 - c1432b4bae5b6582f4d32ba381459f33c34d1424 +2024-03-15: + * Audio streams will now not be interrupted when other audio devices are connected or disconnected + * Keyboard shortcut to install Orca no longer prompts for password, and will now wait for clock synchronisation rather than failing silently + * Orca screen reader updated to version 45 with various additional small bug fixes + * Obsolete fbturbo video driver removed + * Bug fix - saved display resolution settings not reloading under X + * Raspberry Pi firmware 6e0ae774407d68659b50cfbeb9f493ed16718866 + * Linux kernel 6.6.20 - 6f16847710cc0502450788b9f12f0a14d3429668 +2024-03-12: + * Added setting of headless resolution to Screen Configuration + * Removed setting of headless resolution for Wayland from Raspberry Pi Configuration + * Improved handling of power button on Raspberry Pi 5 + * Popover windows from taskbar replaced with conventional windows + * Shutdown assistant now closes all user processes when logging out + * Wayvnc updated to improve compatibility with various VNC clients + * Wayvnc now controlled by systemd + * Audio icon on taskbar hidden if no audio devices connected + * Alternative mouse cursor shown during drag-and-drop operations + * raspi-config now allows EEPROM to be upgraded + * Speed improvement when opening bluetooth and network menus + * Tweaks to display of some widgets under dark theme + * Improved compatibility with alternative window managers + * Bug fix - prevent multiple file manager confirm dialogs being overlaid + * Bug fix - drag-and-drop in file manager causing incorrect files to move + * Bug fix - memory leaks in volume and bluetooth menus + * Bug fix - GPU load sometimes not correctly reported in plugin and task manager + * Bug fix - crash when closing windows with non-GTK headerbars + * Bug fix - spurious button hover highlights on touchscreens + * Bug fix - windows on other monitors being hidden from taskbar + * Bug fix - corrected power monitoring brownout detection + * Bug fix - wayfire keyboard layout settings sometimes not loading + * Removed fbturbo xorg video driver as it is no longer useful + * Chromium updated to 122.0.6261.89 + * Firefox updated to 123.0 + * Raspberry Pi firmware 6e0ae774407d68659b50cfbeb9f493ed16718866 + * Linux kernel 6.6.20 - 6f16847710cc0502450788b9f12f0a14d3429668 +2023-12-11: + * Fix Raspberry Pi Imager's WLAN configuration for lite images +2023-12-05: + * Serial port switching in rc_gui and raspi-config modified to support Raspberry Pi 5 + * Touch screens now identified with unique per-device strings to enable correct association with display devices + * Compatibility with RP1 displays added + * Theme files monitored by pixdecor plugin to load changes on the fly + * Main menu shortcut to The Magpi website restored + * GTK+2 theme harmonised with GTK+3 theme to enable more uniform theming of Qt applications + * Battery monitor plugin enabled + * Taskbar Preferences menu item added to panel right-click menu + * Better reloading of on-the-fly theme changes + * Various improvements to Wayfire rendering + * Dark GTK theme added + * Bug fix - suppressed warning notifications when removing USB devices without mounted filesystems + * Bug fix - volume keyboard shortcuts locked up on some devices + * Bug fix - correctly handling multiple USB audio devices with same name + * Bug fix - some translations not loading in panel plugins + * Bug fix - window titlebars disappearing when tiled + * Bug fix - local installer service failing to install local deb files + * Bug fix - wizard not correctly setting locale when explicit UTF-8 character set required + * Bug fix - system updates could fail if an update required the removal of an installed package + * Bug fix - prevent file manager windows opening larger than screen size + * Bug fix - GPU plugin displaying load percentage as -1 + * Bug fix - various window manager crashes associated with shadows on certain window types + * Bug fix - allow VNC to be enabled if either RealVNC or WayVNC are installed + * WayVNC - improved support for encrypted connections + * Mathematica now works on Raspberry Pi 5 and 64-bit + * Scratch 3 now works on Raspberry Pi 5 and 64-bit + * Thonny updated to version 4.1.4 + * Chromium updated to 119.0.6045.171 + * Firefox updated to 119.0 + * gpiod binary tools included in lite images + * python3-venv included in lite images + * Japanese translations updated + * German translation added to Appearance Settings + * Raspberry Pi firmware 12af703dd07d7721c1f2f58c6f71d9fe66270838 + * Linux kernel 6.1.63 +2023-10-10: + * Based on Debian bookworm release + * Support for Raspberry Pi 5 + * Desktop now runs on the Wayfire Wayland compositing window manager on Raspberry Pi 4 and 5 platforms; on X11 using the openbox window manager on older platforms + * lxpanel replaced with new wf-panel-pi application when running Wayland; existing lxpanel plugins migrated; gpu performance and power plugins added + * pcmanfm modified to use Wayland backend when running on Wayland + * PipeWire used instead of PulseAudio as audio control subsystem; various changes made to volume control plugin to support this + * NetworkManager used instead of dhcpcd as networking interface; various changes made to networking plugin to support this + * Firefox browser added as alternative to Chromium; selection of default browser added to Raspberry Pi Configuration tool + * WayVNC VNC server used instead of RealVNC when running on Wayland + * All customisation and configuration applications modified to customise Wayfire environment as appropriate + * grim used as screenshot tool instead of scrot when running on Wayland + * eom image viewer used instead of gpicview + * evince document viewer used instead of qpdfview + * Chromium web browser updated to version 116 + * VLC media player updated to version 3.0.18 + * Magnifier program not available when running Wayland; Wayfire includes screen zoom capabilities + * CustomPC and Wireframe removed from Bookshelf + * Numerous small changes and bug fixes + * Switched from raspberrypi-kernel to Debian-based kernel packaging (linux-image-rpi-*) + * Switched from raspberrypi-bootloader to Debian based firmware packaging (raspi-firmware) + * /boot mount point moved to /boot/firmware +2023-05-03: + * 64-bit Mathematica added to rp-prefapps + * Bug fix - occasional segfault in CPU temperature plugin + * Bug fix - X server crash when changing screen orientation + * Bug fix - X server DPMS not working + * Mathematica updated to 13.2.1 + * Matlab updated to 23.1.0 + * Chromium updated to 113.0.5672.59 + * Raspberry Pi Imager updated to 1.7.4 + * RealVNC server updated to 7.0.1.49073 + * RealVNC viewer updated to 7.0.1.48981 + * Updated VLC HW acceleration patch + * libcamera + - Add generalised statistics handling. + - Fix overflow that would cause incorrect calculations in the AGC algorithm. + - Improve IMX296 sensor tuning. + * libcamera-apps + - Improve handling of audio resampling and encoding using libav + - Improve performance of QT preview window rendering + - Add support for 16-bit Bayer in the DNG writer + - Fix for encoder lockup when framerate is set to 0 + - Improved thumbnail rendering + * picamera2 + - MJPEG server example that uses the hardware MJPEG encoder. + - Example showing preview from two cameras in a single Qt app. + - H264 encoder accepts frame time interval for SPS headers. + - H264 encoder should advertise correct profile/level. + - H264 encoder supports constant quality parameter. + - Exif DateTime and DateTimeOriginal tags are now added. + - Various bug fixes (check Picamera2 release notes for more details). + * Some translations added + * Raspberry Pi firmware 055e044d5359ded1aacc5a17a8e35365373d0b8b + * Linux kernel 6.1.21 +2023-02-21: + * glamor now disabled on all platforms other than Raspberry Pi 4 with legacy video driver + * msdri3 video driver support added + * KiCad added to Recommended Software + * Support for new touchscreen driver added to Screen Resolution tool; minor UI tweaks + * GTK message dialogs shown with right-justified buttons + * Bug fix - updater plugin now does not clear icon when an update has failed + * Bug fix - keyboard highlight now shown on GTK switch control + * Some Korean and Brazilian translations added + * Fix rpi-imager hidden ssid configuration + * Install kms++-utils + * Raspberry Pi firmware 78852e166b4cf3ebb31d051e996d54792f0994b0 + * Linux kernel 5.15.84 +2022-09-22: + * NodeRED removed from Recommended Software and full image - should only be installed via apt + * Improved speed of startup of lxpanel network controller plugins + * Improved detection of Bluetooth HID devices in first-boot wizard + * Bug fix - splash screen version number and date incorrect + * Bug fix - text entry in searchable main menu ignored while caps or num lock active + * Bug fix - keyboard shortcuts to open Wi-fi and Bluetooth plugin menus not working in 64-bit builds + * Bug fix - typo in Bluetooth device menu + * Bug fix - crash when cycling windows in mutter + * Bug fix - spurious text output in raspi-config network configuration selection + * Bug fix - firstboot script skipped further steps if rootfs resize failed + * Bug fix - firstboot script inadvertently wrote /test.log + * Bug fix - typo in raspi-config resulted in empty file /2 being created + * Raspberry Pi firmware 48cd70fe84432c5d050637b61e4b7b9c831c98bf + * Linux kernel 5.15.61 +2022-09-06: + * lxpanel - new main menu plugin with text search + * lxpanel - new separate audio input plugin with microphone volume and input select + * lxpanel - keyboard shortcuts to open wifi and bluetooth plugins added + * lxpanel - notifications now shown with short delay after startup and between each + * rc_gui - only allows valid hostnames to be set + * piwiz - no longer allows "root" as a user name + * gtk3 - menus can now be resized after being drawn + * raspi-config - option to switch between dhcpcd and Network Manager added + * lxpanel - new network plugin compatible with Network Manager added + * piwiz - compatibility with Network Manager added + * Bug fix - 100% CPU usage in file manager when desktop item unmounted + * Bug fix - window manager was preventing switching between international keyboard layouts + * Bug fix - system tray redrawing made more robust + * Bug fix - translations not being shown in various lxpanel plugins + * Bug fix - updater plugin failing on x86 images + * Bug fix - force power on for Bluetooth hardware when unblocked with rfkill + * Bug fix - message boxes in rc_gui not centred correctly + * Bug fix - switching sessions between Wayland and X11 made more robust + * Bug fix - switching of ALSA devices in raspi-config made compatible with third-party devices + * Install NetworkManager (disabled) + * Install OpenJDK 17 rather than OpenJDK 11 on full images + * Install picamera2 + * Format the root partition with the metadata_csum option + * Format the boot partition with 4 sectors per cluster for a slight performance boost + * Remove 'flush' mount option from the boot partition + * Raspberry Pi firmware 48cd70fe84432c5d050637b61e4b7b9c831c98bf + * Linux kernel 5.15.61 +2022-04-04: + * Default "pi" user has been removed; the first-boot wizard enforces the creation of a new user account + * rename-user script added to allow existing users to be renamed by temporarily rebooting to cut-down first-boot wizard + * Overscan now managed by xrandr under KMS, can be set independently for both monitors, and takes effect on the fly rather than requiring reboot + * GTK3 switch control now used in place of paired radio buttons throughout + * piwiz - first-boot wizard now runs in a separate session as a different user with different graphics + * piwiz - first-boot wizard now has automatic pairing for discoverable Bluetooth mice and keyboards + * lxinput - keyboard delay and repeat settings now persist across reboots under mutter + * raspi-config / rc_gui - removed pixel doubling option when KMS driver in use + * raspi-config - removed composition manager option when legacy driver in use + * arandr - restored support for interlaced displays + * mutter - implemented more intuitive window and application cycling behaviour + * pi-greeter - rebuilt for GTK3 + * Bug fix - graphical corruption in system tray icons + * Bug fix - desktop items vanishing when dragged + * Bug fix - terminal windows not focussed correctly when launched + * Bug fix - crash after multiple update checks in updater plugin + * Bug fix - Raspberry Pi keyboard auto-detect by wizard was broken in previous release + * Bug fix - spurious "connected" dialog box shown when reconnecting to Bluetooth LE devices on boot + * Support for experimental Wayland backend added - can be enabled as an advanced option in raspi-config + * Various small bug fixes and graphical tweaks + * Chromium upgraded to version 98.0.4758.106 + * FFmpeg HW acceleration improved + * OpenJDK 17 now defaults to 'client' JVM for ARMv6 compatibility + * Raspberry Pi firmware 69277bc713133a54a1d20554d79544da1ae2b6ca + * Linux kernel 5.15.30 +2022-01-28: + * Policykit CVE-2021-4034 fix + * rc_gui - add combo box to allow resolution to be set for VNC connections + * rc_gui - camera interface switch removed + * lxpanel - remove appearance settings from preferences dialog; instead add menu option to open general Appearance Settings application + * lxpanel - add ellipses to menu items which open dialogs + * lxinput - read current mouse acceleration directly from xinput + * lxinput - use device IDs rather than names to cope with devices changing when powered-down + * lxinput - remove redundant changes to openbox config file + * plymouth - set KillMode to mixed to suppress warning message + * raspi-config - add option to switch composite video + * raspi-config - add option to switch to legacy camera mode + * raspi-config - add option to set resolution for headless connections + * raspberrypi-ui-mods - disable mutter when VNC server is running and fall back to openbox + * pipanel - add command-line option to open on arbitrary tab + * lxplug-network - suppress ’scan received’ logging message + * raspberrypi-ui-mods - set hover colour for taskbar items based on taskbar colour, not system highlight colour + * Legacy camera applications and libraries reinstalled (32-bit only) + * Bug fix - lxinput - lxsession config file not being written on first attempt + * Bug fix - lxinput - set timer for file write to prevent slider slowing down + * Bug fix - lxinput - write values to gsettings as well as xinput and xsettings to take effect within mutter + * Bug fix - lxinput - fix failure to parse and write non-English numeric formats + * Bug fix - arandr - various fixes to parsing of non-standard EDID blocks to enable model and serial to be correctly extracted + * Bug fix - arandr - refresh rate calculated to 3 decimal places for monitors which require it + * Bug fix - arandr - enable setting of left and right orientation + * Bug fix - arandr - add compatibility with new touchscreen driver + * Bug fix - arandr - apply settings correctly to DSI and composite displays + * Bug fix - lxplug-magnifier - fix crash when opening preferences without required magnifier package installed + * Bug fix - piwiz - launch screen reader install prompt as a new process to prevent audio lockups crashing wizard + * Bug fix - lxpanel - not loading some plugins (cpufreq, minimise all windows) due to icon loading code not compatible with GTK+3 + * Bug fix - gtk+3 - disabled new GDK touch events to enable double-clicks to be detected on touchscreen + * Bug fix - xrdp - included backports from bookworm version of xrdp and xorgxrdp to restore window frames with mutter over xrdp connections + * Update various translations + * udisks2 added to lite image + * mkvtoolnix added to lite image + * 7z and zip support added to lite image + * gnome-keyring added to desktop images + * Raspberry Pi firmware c6d56567ff6ef17fd85159770f22abcf2c5953ed + * Linux kernel 5.10.92 +2021-10-30: + * Based on Debian version 11 (bullseye) + * Desktop components (lxpanel and all plugins, libfm, pcmanfm) now built against GTK+3 + * Applications (piwiz, pipanel, rc_gui, lxinput) now built against GTK+3 + * PiXflat GTK+3 theme updated with numerous changes to support the above + * GTK+3 : toolbar icon size setting added + * GTK+3 : ability to request client-side decoration on windows added + * GTK+3 : setting for indent for frame labels in custom style added + * mutter window manager used instead of openbox on devices with 2GB or more of RAM + * mutter : title bar icon behaviour and appearance modified to match openbox + * mutter : additional keyboard shortcuts added + * mutter : various performance enhancements + * mutter compatibility added to screen magnifier + * Numerous changes to Appearance Settings application to support GTK+3 and mutter + * Updater plugin added to lxpanel to detect and install software updates + * File manager view options simplified to either list or icons, with separate menu option for thumbnails + * New file manager toolbar icons + * KMS used as default display driver + * Modifications to HDMI audio output selection to support the above + * xcompmgr enabled when openbox is running under KMS + * New default camera subsystem based on libcamera + * New camera demo applications (libcamera-still and libcamera-vid) have replaced raspistill and raspivid + * Legacy camera subsystem removed from 64-bit RPi OS (still available on 32-bit) + * Chromium upgraded to version 92.0.4515.98 + * VLC media player upgraded to version 3.0.16 + * Spurious drive removal warning after use of SD card copier removed + * Bookshelf application now includes Custom PC magazine + * Various translation updates - Italian, Korean, Polish, German, Armenian + * Startup wizard now installs Japanese fonts if needed + * Progress and information dialog boxes for lxpanel plugins now common to lxpanel, rather than in individual plugins + * Icon handling code for lxpanel plugins now common to lxpanel + * Package with 4K version of Raspberry Pi wallpaper added to Recommended Software + * Python Games and Minecraft removed from Recommended Software - neither is compatible with bullseye + * Bluetooth pairing and connection dialogs updated for compatibility with more devices + * Bluetooth devices always disconnected before removal to speed up removal process + * Bluetooth pairing dialog now only shows devices which offer services which are usable by Pi + * Separate Bluetooth unpair dialog removed - unpair now an option for each individual device + * Bug fix - mutter : header bar colours not updating when theme is changed + * Bug fix - GTK+3 : tooltips being displayed incorrectly at bottom of screen + * Bug fix - lxpanel : crash when using keyboard shortcut to enable magnifier when magnifier not installed + * Bug fix - lxpanel : lockup in Bluetooth plugin when connecting to certain devices + * Bug fix - lxpanel : discoverable mode icon could get out of sync with underlying Bluetooth system state + * Bug fix - piwiz : missing cities in timezone list + * Bug fix - piwiz : country-specific language packages not being installed + * Bug fix - bookshelf : now waits for longer between packets before timing out + * Bug fix - accented characters now displayed correctly in localisation dialogs + * Raspberry Pi firmware e2bab29767e51c683a312df20014e3277275b8a6 + * Linux kernel 5.10.63 +2021-05-07: + * Chromium upgraded to version 88.0.4324.187 + * NuScratch upgraded to version 20210507 + * Node-RED upgraded to version 1.3.4 + * pigpio upgraded to version 1.79 + * Thonny upgraded to version 3.3.6 + * Icelandic and Italian translations updated for several packages + * piclone: Remove hiding of application in other desktops + * agnostics: Remove hiding of app in other desktops + * rp-bookshelf: + - Remove hiding of app in other desktops + - GTK+3 version + * lxplug-bluetooth: + - Fix some memory leaks + - Add authorisation dialog required by some BT-LE pairings + * alsa-utils: Add custom init files for bcm2835 on Raspberry Pi to set volume correctly + * rp-prefapps: Remove hiding of app in other desktops + * OpenSSH and OpenSSL speed improvements + * Install gpiozero in lite images + * Raspberry Pi firmware 518ee7c871aaa9aaa88116953d57e73787ee6e43 + * Linux kernel 5.10.17 +2021-03-04: + * Thonny upgraded to version 3.3.5 + * SD Card Copier made compatible with NVMe devices; now built against GTK+3 toolkit + * Composite video options removed from Raspberry Pi 4 in Raspberry Pi Configuration + * Boot order options in raspi-config adjusted for more flexibility + * Recommended Software now built against GTK+3 toolkit + * Fix for crash in volume plugin when using keyboard could push value out of range + * Fix for focus changing between windows in file manager when using keyboard to navigate directory view + * Fix for Raspberry Pi 400 keyboard country not being read correctly in startup wizard + * Armenian and Japanese translations added to several packages + * Automatically load aes-neon-bs on ARM64 to speed up OpenSSL + * Raspberry Pi firmware fcf8d2f7639ad8d0330db9c8db9b71bd33eaaa28 + * Linux kernel 5.10.17 +2021-01-11: + * Chromium version 86.0.4240.197 included + * Screen reader support enabled in Chromium + * Adobe have end-of-lifed Flash Player, so it has been removed + * Scratch 2 required Flash, so it has been removed + * Added Epson printer drivers + * Added timeout to hide messages from USB device monitor after 5 seconds + * Bug fix - PulseAudio output was in mono + * Bug fix - brief audio interruptions at start of playback in VLC + * Bug fix - old ALSA output settings being used instead of PulseAudio settings by some applications + * Bug fix - crash in PulseAudio volume controller when used on multichannel devices + * Bug fix - battery monitor failing to load on x86 platforms + * Bug fix - setting of password in startup wizard failed if language was changed + * Bug fix - Chromium video playback lockup on small number of devices + * Bug fix - Chromium Google Maps 3D view artefacts + * Slovak, Italian and Norwegian translations updated + * Added Epson printer drivers + * Raspberry Pi firmware 70f1581eec2c036b7e9309f1af41c651fb125447 + * Linux kernel 5.4.83 +2020-12-02: + * PulseAudio now included and running by default + * Bluealsa Bluetooth interface removed - Bluetooth audio is now handled by PulseAudio + * LXPanel volume control plugin replaced with PulseAudio version + * Version 84.0.4147.105 of Chromium web browser included + * Version 3.3.0 of Thonny included + * Version 32.0.0.453 of Flash player included - note that this will be the final release of Flash, as it is end-of-lifed at the end of 2020 + * CUPS printer system included, along with system-config-printer CUPS GUI and HP printer drivers + * raspi-config menu structure rearranged to match Raspberry Pi Configuration tabs + * Control for GPIO-connected fans added to raspi-config and Raspberry Pi Configuration + * Control for power / activity LED on Pi 400 and Pi Zero added to raspi-config and Raspberry Pi Configuration + * Improved screen reader voice prompts in several applications + * Added ctrl-alt-space shortcut to install Orca screen reader at any point + * Low voltage warnings added to battery monitor plugin + * Magnifier plugin zoom can now be changed with scroll wheel when pointer is over icon + * Change to notification popups - now will only close when clicked on directly, not by clicking anywhere + * Bookshelf now made compatible with translated versions of books and magazines, and will offer translated versions where available, based on system language setting + * Bug fix - crash in CPU temperature plugin when throttling detection fails + * Bug fix - if Orca is running, shutdown commands and shutdown dialog will force kill it to prevent it locking up the reboot or shutdown process + * Various additional language translations added + * Various minor bug fixes and UI tweaks + * Raspberry Pi firmware b324aea801f669b6ab18441f970e74a5a7346684 + * Linux kernel 5.4.79 +2020-08-20: + * raspi-config - added selection of boot device order + * raspi-config - added selection of boot EEPROM version + * SD Card Copier - copy is now immediately aborted if drives are connected or disconnected while copying + * Version 32.0.0.414 of Flash player included + * User feedback survey removed from first run of Chromium + * Recommended Software - now allows multiple install and reinstall operations without having to close between each one + * Bug fix - misleading file browser from panel menu icon selection dialog - icons must now be in icon theme rather than arbitrary files + * Bug fix - items in main menu not being translated + * Bug fix - raspi-config not detecting audio devices in non-English locales + * Bug fix - Bookshelf claiming no disk space in non-English locales + * Bug fix - failed installation of both 32 and 64 bit versions of packages by Recommended Software on 64-bit images + * Italian translations added (thanks to Emanuele Goldoni and the Italian translation team) + * Raspberry Pi firmware ef72c17bcaaeb89093d87bcf71f3228e1b5e1fff + * Linux kernel 5.4.51 +2020-05-27: * Added Bookshelf application * Added Raspberry Pi Diagnostics application * Added magnifier plugin to taskbar - needs magnifier application installed from Recommended Software to enable diff --git a/export-noobs/prerun.sh b/export-noobs/prerun.sh index 54e0c59f07..8e55c9eca7 100755 --- a/export-noobs/prerun.sh +++ b/export-noobs/prerun.sh @@ -1,25 +1,30 @@ #!/bin/bash -e -IMG_FILE="${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.img" -NOOBS_DIR="${STAGE_WORK_DIR}/${IMG_DATE}-${IMG_NAME}${IMG_SUFFIX}" -unmount_image "${IMG_FILE}" - +NOOBS_DIR="${STAGE_WORK_DIR}/${IMG_NAME}${IMG_SUFFIX}" mkdir -p "${STAGE_WORK_DIR}" -cp "${WORK_DIR}/export-image/${IMG_FILENAME}${IMG_SUFFIX}.img" "${STAGE_WORK_DIR}/" -rm -rf "${NOOBS_DIR}" +IMG_FILE="${WORK_DIR}/export-image/${IMG_FILENAME}${IMG_SUFFIX}.img" -PARTED_OUT=$(parted -sm "${IMG_FILE}" unit b print) -BOOT_OFFSET=$(echo "$PARTED_OUT" | grep -e '^1:' | cut -d':' -f 2 | tr -d B) -BOOT_LENGTH=$(echo "$PARTED_OUT" | grep -e '^1:' | cut -d':' -f 4 | tr -d B) +unmount_image "${IMG_FILE}" -ROOT_OFFSET=$(echo "$PARTED_OUT" | grep -e '^2:' | cut -d':' -f 2 | tr -d B) -ROOT_LENGTH=$(echo "$PARTED_OUT" | grep -e '^2:' | cut -d':' -f 4 | tr -d B) +rm -rf "${NOOBS_DIR}" -BOOT_DEV=$(losetup --show -f -o "${BOOT_OFFSET}" --sizelimit "${BOOT_LENGTH}" "${IMG_FILE}") -ROOT_DEV=$(losetup --show -f -o "${ROOT_OFFSET}" --sizelimit "${ROOT_LENGTH}" "${IMG_FILE}") -echo "/boot: offset $BOOT_OFFSET, length $BOOT_LENGTH" -echo "/: offset $ROOT_OFFSET, length $ROOT_LENGTH" +echo "Creating loop device..." +cnt=0 +until ensure_next_loopdev && LOOP_DEV="$(losetup --show --find --partscan "$IMG_FILE")"; do + if [ $cnt -lt 5 ]; then + cnt=$((cnt + 1)) + echo "Error in losetup. Retrying..." + sleep 5 + else + echo "ERROR: losetup failed; exiting" + exit 1 + fi +done + +ensure_loopdev_partitions "$LOOP_DEV" +BOOT_DEV="${LOOP_DEV}p1" +ROOT_DEV="${LOOP_DEV}p2" mkdir -p "${STAGE_WORK_DIR}/rootfs" mkdir -p "${NOOBS_DIR}" @@ -29,6 +34,9 @@ mount "$BOOT_DEV" "${STAGE_WORK_DIR}/rootfs/boot" ln -sv "/lib/systemd/system/apply_noobs_os_config.service" "$ROOTFS_DIR/etc/systemd/system/multi-user.target.wants/apply_noobs_os_config.service" +KERNEL_VER="$(zgrep -oPm 1 "Linux version \K(.*)$" "${STAGE_WORK_DIR}/rootfs/usr/share/doc/raspberrypi-kernel/changelog.Debian.gz" | cut -f-2 -d.)" +echo "$KERNEL_VER" > "${STAGE_WORK_DIR}/kernel_version" + bsdtar --numeric-owner --format gnutar -C "${STAGE_WORK_DIR}/rootfs/boot" -cpf - . | xz -T0 > "${NOOBS_DIR}/boot.tar.xz" umount "${STAGE_WORK_DIR}/rootfs/boot" bsdtar --numeric-owner --format gnutar -C "${STAGE_WORK_DIR}/rootfs" --one-file-system -cpf - . | xz -T0 > "${NOOBS_DIR}/root.tar.xz" diff --git a/scripts/common b/scripts/common index e2048d904f..5056771769 100644 --- a/scripts/common +++ b/scripts/common @@ -9,20 +9,23 @@ bootstrap(){ export http_proxy=${APT_PROXY} - if [ "$(dpkg --print-architecture)" != "armhf" ] && [ "$(dpkg --print-architecture)" != "aarch64" ]; then - BOOTSTRAP_CMD=qemu-debootstrap - fi - BOOTSTRAP_ARGS+=(--arch armhf) BOOTSTRAP_ARGS+=(--components "main,contrib,non-free") BOOTSTRAP_ARGS+=(--keyring "${STAGE_DIR}/files/raspberrypi.gpg") + BOOTSTRAP_ARGS+=(--exclude=info,ifupdown) + BOOTSTRAP_ARGS+=(--include=ca-certificates) BOOTSTRAP_ARGS+=("$@") printf -v BOOTSTRAP_STR '%q ' "${BOOTSTRAP_ARGS[@]}" - setarch linux32 capsh --drop=cap_setfcap -- -c "'${BOOTSTRAP_CMD}' $BOOTSTRAP_STR" || true + setarch linux32 capsh $CAPSH_ARG -- -c "'${BOOTSTRAP_CMD}' $BOOTSTRAP_STR" || true + + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050719 + rm -f wget-log* - if [ -d "$2/debootstrap" ]; then - rmdir "$2/debootstrap" + if [ -d "$2/debootstrap" ] && ! rmdir "$2/debootstrap"; then + cp "$2/debootstrap/debootstrap.log" "${STAGE_WORK_DIR}" + log "bootstrap failed: please check ${STAGE_WORK_DIR}/debootstrap.log" + return 1 fi } export -f bootstrap @@ -44,32 +47,34 @@ unmount(){ DIR=$1 fi - while mount | grep -q "$DIR"; do - local LOCS - LOCS=$(mount | grep "$DIR" | cut -f 3 -d ' ' | sort -r) - for loc in $LOCS; do - umount "$loc" - done + for i in {1..6}; do + if awk "\$2 ~ /^${DIR//\//\\/}/ {print \$2}" /etc/mtab | sort -r | xargs -r umount; then + break + elif [ "$i" -eq 6 ]; then + log "Failed to unmount ${DIR}. Do not try to delete this directory while it contains mountpoints!" + return 1 + fi + log "Retrying ($i/5)..." + sleep 1 done } export -f unmount unmount_image(){ - sync - sleep 1 - local LOOP_DEVICES - LOOP_DEVICES=$(losetup --list | grep "$(basename "${1}")" | cut -f1 -d' ') - for LOOP_DEV in ${LOOP_DEVICES}; do - if [ -n "${LOOP_DEV}" ]; then - local MOUNTED_DIR - MOUNTED_DIR=$(mount | grep "$(basename "${LOOP_DEV}")" | head -n 1 | cut -f 3 -d ' ') - if [ -n "${MOUNTED_DIR}" ] && [ "${MOUNTED_DIR}" != "/" ]; then - unmount "$(dirname "${MOUNTED_DIR}")" + if command -v udevadm >/dev/null 2>&1; then + udevadm settle 10 + else + sleep 1 + fi + LOOP_DEVICE=$(losetup -n -O NAME -j "$1") + if [ -n "$LOOP_DEVICE" ]; then + for part in "$LOOP_DEVICE"p*; do + if DIR=$(findmnt -n -o target -S "$part"); then + unmount "$DIR" fi - sleep 1 - losetup -d "${LOOP_DEV}" - fi - done + done + losetup -d "$LOOP_DEVICE" + fi } export -f unmount_image @@ -90,11 +95,43 @@ on_chroot() { mount --bind /sys "${ROOTFS_DIR}/sys" fi - setarch linux32 capsh --drop=cap_setfcap "--chroot=${ROOTFS_DIR}/" -- -e "$@" + if ! mount | grep -q "$(realpath "${ROOTFS_DIR}"/run)"; then + mount -t tmpfs tmpfs "${ROOTFS_DIR}/run" + fi + + if ! mount | grep -q "$(realpath "${ROOTFS_DIR}"/tmp)"; then + mount -t tmpfs tmpfs "${ROOTFS_DIR}/tmp" + fi + + setarch linux32 capsh $CAPSH_ARG "--chroot=${ROOTFS_DIR}/" -- -e "$@" } export -f on_chroot update_issue() { - echo -e "Raspberry Pi reference ${IMG_DATE}\nGenerated using ${PI_GEN}, ${PI_GEN_REPO}, ${GIT_HASH}, ${1}" > "${ROOTFS_DIR}/etc/rpi-issue" + echo -e "${PI_GEN_RELEASE} ${IMG_DATE}\nGenerated using ${PI_GEN}, ${PI_GEN_REPO}, ${GIT_HASH}, ${1}" > "${ROOTFS_DIR}/etc/rpi-issue" } export -f update_issue + +ensure_next_loopdev() { + local loopdev + loopdev="$(losetup -f)" + loopmaj="$(echo "$loopdev" | sed -E 's/.*[^0-9]*?([0-9]+)$/\1/')" + [[ -b "$loopdev" ]] || mknod "$loopdev" b 7 "$loopmaj" +} +export -f ensure_next_loopdev + +ensure_loopdev_partitions() { + local line + local partition + local majmin + lsblk -r -n -o "NAME,MAJ:MIN" "$1" | grep -v "^${1#/dev/} " | while read -r line; do + partition="${line%% *}" + majmin="${line#* }" + if [ ! -b "/dev/$partition" ]; then + mknod "/dev/$partition" b "${majmin%:*}" "${majmin#*:}" + fi + done + command -v udevadm >/dev/null 2>&1 || return 0 + udevadm settle 10 +} +export -f ensure_loopdev_partitions diff --git a/scripts/dependencies_check b/scripts/dependencies_check index 375512b751..fb709e44cf 100644 --- a/scripts/dependencies_check +++ b/scripts/dependencies_check @@ -3,7 +3,7 @@ # # Each dependency is in the form of a tool to test for, optionally followed by # a : and the name of a package if the package on a Debian-ish system is not -# named for the tool (i.e., qemu-user-static). +# named for the tool (i.e., qemu-user-binfmt). dependencies_check() { local depfile deps missing @@ -28,11 +28,26 @@ dependencies_check() false fi + # If we're building on a native arm platform, we don't need to check for + # binfmt_misc or require it to be loaded. - if ! grep -q "/proc/sys/fs/binfmt_misc" /proc/mounts; then - echo "Module binfmt_misc not loaded in host" - echo "Please run:" - echo " sudo modprobe binfmt_misc" - exit 1 + binfmt_misc_required=1 + + case $(uname -m) in + aarch64) + binfmt_misc_required=0 + ;; + arm*) + binfmt_misc_required=0 + ;; + esac + + if [[ "${binfmt_misc_required}" == "1" ]]; then + if ! grep -q "/proc/sys/fs/binfmt_misc" /proc/mounts; then + echo "Module binfmt_misc not loaded in host" + echo "Please run:" + echo " sudo modprobe binfmt_misc" + exit 1 + fi fi } diff --git a/stage0/00-configure-apt/00-run.sh b/stage0/00-configure-apt/00-run.sh index d10a49f174..8e47893ada 100755 --- a/stage0/00-configure-apt/00-run.sh +++ b/stage0/00-configure-apt/00-run.sh @@ -1,9 +1,10 @@ #!/bin/bash -e -install -m 644 files/sources.list "${ROOTFS_DIR}/etc/apt/" -install -m 644 files/raspi.list "${ROOTFS_DIR}/etc/apt/sources.list.d/" -sed -i "s/RELEASE/${RELEASE}/g" "${ROOTFS_DIR}/etc/apt/sources.list" -sed -i "s/RELEASE/${RELEASE}/g" "${ROOTFS_DIR}/etc/apt/sources.list.d/raspi.list" +true > "${ROOTFS_DIR}/etc/apt/sources.list" +install -m 644 files/raspbian.sources "${ROOTFS_DIR}/etc/apt/sources.list.d/" +install -m 644 files/raspi.sources "${ROOTFS_DIR}/etc/apt/sources.list.d/" +sed -i "s/RELEASE/${RELEASE}/g" "${ROOTFS_DIR}/etc/apt/sources.list.d/raspbian.sources" +sed -i "s/RELEASE/${RELEASE}/g" "${ROOTFS_DIR}/etc/apt/sources.list.d/raspi.sources" if [ -n "$APT_PROXY" ]; then install -m 644 files/51cache "${ROOTFS_DIR}/etc/apt/apt.conf.d/51cache" @@ -12,8 +13,21 @@ else rm -f "${ROOTFS_DIR}/etc/apt/apt.conf.d/51cache" fi -on_chroot apt-key add - < files/raspberrypi.gpg.key -on_chroot << EOF -apt-get update -apt-get dist-upgrade -y +if [ -n "$TEMP_REPO" ]; then + install -m 644 /dev/null "${ROOTFS_DIR}/etc/apt/sources.list.d/00-temp.list" + echo "$TEMP_REPO" | sed "s/RELEASE/$RELEASE/g" > "${ROOTFS_DIR}/etc/apt/sources.list.d/00-temp.list" +else + rm -f "${ROOTFS_DIR}/etc/apt/sources.list.d/00-temp.list" +fi + +install -m 644 files/raspberrypi-archive-keyring.pgp "${ROOTFS_DIR}/usr/share/keyrings/" +on_chroot <<- \EOF + ARCH="$(dpkg --print-architecture)" + if [ "$ARCH" = "armhf" ]; then + dpkg --add-architecture arm64 + elif [ "$ARCH" = "arm64" ]; then + dpkg --add-architecture armhf + fi + apt-get update + apt-get dist-upgrade -y EOF diff --git a/stage0/00-configure-apt/01-packages b/stage0/00-configure-apt/01-packages new file mode 100644 index 0000000000..f5e37894ed --- /dev/null +++ b/stage0/00-configure-apt/01-packages @@ -0,0 +1 @@ +raspberrypi-archive-keyring diff --git a/stage0/00-configure-apt/files/raspberrypi-archive-keyring.pgp b/stage0/00-configure-apt/files/raspberrypi-archive-keyring.pgp new file mode 100644 index 0000000000..e0ada06a3a Binary files /dev/null and b/stage0/00-configure-apt/files/raspberrypi-archive-keyring.pgp differ diff --git a/stage0/00-configure-apt/files/raspberrypi.gpg.key b/stage0/00-configure-apt/files/raspberrypi.gpg.key deleted file mode 100644 index 60b5f65825..0000000000 --- a/stage0/00-configure-apt/files/raspberrypi.gpg.key +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.12 (GNU/Linux) - -mQENBE/d7o8BCACrwqQacGJfn3tnMzGui6mv2lLxYbsOuy/+U4rqMmGEuo3h9m92 -30E2EtypsoWczkBretzLUCFv+VUOxaA6sV9+puTqYGhhQZFuKUWcG7orf7QbZRuu -TxsEUepW5lg7MExmAu1JJzqM0kMQX8fVyWVDkjchZ/is4q3BPOUCJbUJOsE+kK/6 -8kW6nWdhwSAjfDh06bA5wvoXNjYoDdnSZyVdcYCPEJXEg5jfF/+nmiFKMZBraHwn -eQsepr7rBXxNcEvDlSOPal11fg90KXpy7Umre1UcAZYJdQeWcHu7X5uoJx/MG5J8 -ic6CwYmDaShIFa92f8qmFcna05+lppk76fsnABEBAAG0IFJhc3BiZXJyeSBQaSBB -cmNoaXZlIFNpZ25pbmcgS2V5iQE4BBMBAgAiBQJP3e6PAhsDBgsJCAcDAgYVCAIJ -CgsEFgIDAQIeAQIXgAAKCRCCsSmSf6MwPk6vB/9pePB3IukU9WC9Bammh3mpQTvL -OifbkzHkmAYxzjfK6D2I8pT0xMxy949+ThzJ7uL60p6T/32ED9DR3LHIMXZvKtuc -mQnSiNDX03E2p7lIP/htoxW2hDP2n8cdlNdt0M9IjaWBppsbO7IrDppG2B1aRLni -uD7v8bHRL2mKTtIDLX42Enl8aLAkJYgNWpZyPkDyOqamjijarIWjGEPCkaURF7g4 -d44HvYhpbLMOrz1m6N5Bzoa5+nq3lmifeiWKxioFXU+Hy5bhtAM6ljVb59hbD2ra -X4+3LXC9oox2flmQnyqwoyfZqVgSQa0B41qEQo8t1bz6Q1Ti7fbMLThmbRHiuQEN -BE/d7o8BCADNlVtBZU63fm79SjHh5AEKFs0C3kwa0mOhp9oas/haDggmhiXdzeD3 -49JWz9ZTx+vlTq0s+I+nIR1a+q+GL+hxYt4HhxoA6vlDMegVfvZKzqTX9Nr2VqQa -S4Kz3W5ULv81tw3WowK6i0L7pqDmvDqgm73mMbbxfHD0SyTt8+fk7qX6Ag2pZ4a9 -ZdJGxvASkh0McGpbYJhk1WYD+eh4fqH3IaeJi6xtNoRdc5YXuzILnp+KaJyPE5CR -qUY5JibOD3qR7zDjP0ueP93jLqmoKltCdN5+yYEExtSwz5lXniiYOJp8LWFCgv5h -m8aYXkcJS1xVV9Ltno23YvX5edw9QY4hABEBAAGJAR8EGAECAAkFAk/d7o8CGwwA -CgkQgrEpkn+jMD5Figf/dIC1qtDMTbu5IsI5uZPX63xydaExQNYf98cq5H2fWF6O -yVR7ERzA2w33hI0yZQrqO6pU9SRnHRxCFvGv6y+mXXXMRcmjZG7GiD6tQWeN/3wb -EbAn5cg6CJ/Lk/BI4iRRfBX07LbYULCohlGkwBOkRo10T+Ld4vCCnBftCh5x2OtZ -TOWRULxP36y2PLGVNF+q9pho98qx+RIxvpofQM/842ZycjPJvzgVQsW4LT91KYAE -4TVf6JjwUM6HZDoiNcX6d7zOhNfQihXTsniZZ6rky287htsWVDNkqOi5T3oTxWUo -m++/7s3K3L0zWopdhMVcgg6Nt9gcjzqN1c0gy55L/g== -=mNSj ------END PGP PUBLIC KEY BLOCK----- diff --git a/stage0/00-configure-apt/files/raspbian.sources b/stage0/00-configure-apt/files/raspbian.sources new file mode 100644 index 0000000000..5947190eeb --- /dev/null +++ b/stage0/00-configure-apt/files/raspbian.sources @@ -0,0 +1,6 @@ +Types: deb +URIs: http://raspbian.raspberrypi.com/raspbian/ +Architectures: armhf +Suites: RELEASE +Components: main contrib non-free rpi +Signed-By: /usr/share/keyrings/raspbian-archive-keyring.gpg diff --git a/stage0/00-configure-apt/files/raspi.list b/stage0/00-configure-apt/files/raspi.list deleted file mode 100644 index 41c5a70755..0000000000 --- a/stage0/00-configure-apt/files/raspi.list +++ /dev/null @@ -1,3 +0,0 @@ -deb http://archive.raspberrypi.org/debian/ RELEASE main -# Uncomment line below then 'apt-get update' to enable 'apt-get source' -#deb-src http://archive.raspberrypi.org/debian/ RELEASE main diff --git a/stage0/00-configure-apt/files/raspi.sources b/stage0/00-configure-apt/files/raspi.sources new file mode 100644 index 0000000000..1ec8b97a67 --- /dev/null +++ b/stage0/00-configure-apt/files/raspi.sources @@ -0,0 +1,5 @@ +Types: deb +URIs: http://archive.raspberrypi.com/debian/ +Suites: RELEASE +Components: main +Signed-By: /usr/share/keyrings/raspberrypi-archive-keyring.pgp diff --git a/stage0/00-configure-apt/files/sources.list b/stage0/00-configure-apt/files/sources.list deleted file mode 100644 index 4a5dd8a9fd..0000000000 --- a/stage0/00-configure-apt/files/sources.list +++ /dev/null @@ -1,3 +0,0 @@ -deb http://raspbian.raspberrypi.org/raspbian/ RELEASE main contrib non-free rpi -# Uncomment line below then 'apt-get update' to enable 'apt-get source' -#deb-src http://raspbian.raspberrypi.org/raspbian/ RELEASE main contrib non-free rpi diff --git a/stage0/02-firmware/01-packages b/stage0/02-firmware/01-packages index b166aa8dff..8132aa2db6 100644 --- a/stage0/02-firmware/01-packages +++ b/stage0/02-firmware/01-packages @@ -1,2 +1,7 @@ -raspberrypi-bootloader -raspberrypi-kernel +initramfs-tools +raspi-firmware +linux-image-rpi-v6 +linux-image-rpi-v7 +linux-image-rpi-v8 +linux-headers-rpi-v6 +linux-headers-rpi-v7 diff --git a/stage0/02-firmware/02-run.sh b/stage0/02-firmware/02-run.sh new file mode 100755 index 0000000000..677cd81765 --- /dev/null +++ b/stage0/02-firmware/02-run.sh @@ -0,0 +1,10 @@ +#!/bin/bash -e + +if [ -f "${ROOTFS_DIR}/etc/initramfs-tools/update-initramfs.conf" ]; then + sed -i 's/^update_initramfs=.*/update_initramfs=no/' "${ROOTFS_DIR}/etc/initramfs-tools/update-initramfs.conf" +fi + +if [ ! -f "${ROOTFS_DIR}/etc/kernel-img.conf" ]; then + echo "do_symlinks=0" > "${ROOTFS_DIR}/etc/kernel-img.conf" +fi +rm -f "${ROOTFS_DIR}/"{vmlinuz,initrd.img}* diff --git a/stage0/files/raspberrypi.gpg b/stage0/files/raspberrypi.gpg index fe1d207eb1..25990a4fe0 100644 Binary files a/stage0/files/raspberrypi.gpg and b/stage0/files/raspberrypi.gpg differ diff --git a/stage0/prerun.sh b/stage0/prerun.sh index 3b257836b8..c625b0e6f7 100755 --- a/stage0/prerun.sh +++ b/stage0/prerun.sh @@ -1,5 +1,10 @@ #!/bin/bash -e +if [ "$RELEASE" != "trixie" ]; then + echo "WARNING: RELEASE does not match the intended option for this branch." + echo " Please check the relevant README.md section." +fi + if [ ! -d "${ROOTFS_DIR}" ]; then - bootstrap ${RELEASE} "${ROOTFS_DIR}" http://raspbian.raspberrypi.org/raspbian/ + bootstrap ${RELEASE} "${ROOTFS_DIR}" http://raspbian.raspberrypi.com/raspbian/ fi diff --git a/stage1/00-boot-files/00-run.sh b/stage1/00-boot-files/00-run.sh index bc61397d9d..8f1f823918 100755 --- a/stage1/00-boot-files/00-run.sh +++ b/stage1/00-boot-files/00-run.sh @@ -1,4 +1,14 @@ #!/bin/bash -e -install -m 644 files/cmdline.txt "${ROOTFS_DIR}/boot/" -install -m 644 files/config.txt "${ROOTFS_DIR}/boot/" +mkdir -p "${ROOTFS_DIR}/boot/firmware" + +if ! [ -L "${ROOTFS_DIR}/boot/overlays" ]; then + ln -s firmware/overlays "${ROOTFS_DIR}/boot/overlays" +fi + +install -m 644 files/cmdline.txt "${ROOTFS_DIR}/boot/firmware/" +install -m 644 files/config.txt "${ROOTFS_DIR}/boot/firmware/" + +for file in cmdline.txt config.txt; do + printf "DO NOT EDIT THIS FILE\n\nThe file you are looking for has moved to %s\n" "/boot/firmware/${file}" > "${ROOTFS_DIR}/boot/${file}" +done diff --git a/stage1/00-boot-files/files/cmdline.txt b/stage1/00-boot-files/files/cmdline.txt index b815bd89db..71b90ffcee 100644 --- a/stage1/00-boot-files/files/cmdline.txt +++ b/stage1/00-boot-files/files/cmdline.txt @@ -1 +1 @@ -console=serial0,115200 console=tty1 root=ROOTDEV rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait +console=serial0,115200 console=tty1 root=ROOTDEV rootfstype=ext4 fsck.repair=yes rootwait resize diff --git a/stage1/00-boot-files/files/config.txt b/stage1/00-boot-files/files/config.txt index 548f4accc2..2a64594068 100644 --- a/stage1/00-boot-files/files/config.txt +++ b/stage1/00-boot-files/files/config.txt @@ -1,65 +1,48 @@ # For more options and information see -# http://rpf.io/configtxt +# http://rptl.io/configtxt # Some settings may impact device functionality. See link above for details -# uncomment if you get no picture on HDMI for a default "safe" mode -#hdmi_safe=1 - -# uncomment this if your display has a black border of unused pixels visible -# and your display can output without overscan -#disable_overscan=1 - -# uncomment the following to adjust overscan. Use positive numbers if console -# goes off screen, and negative if there is too much border -#overscan_left=16 -#overscan_right=16 -#overscan_top=16 -#overscan_bottom=16 - -# uncomment to force a console size. By default it will be display's size minus -# overscan. -#framebuffer_width=1280 -#framebuffer_height=720 +# Uncomment some or all of these to enable the optional hardware interfaces +#dtparam=i2c_arm=on +#dtparam=i2s=on +#dtparam=spi=on -# uncomment if hdmi display is not detected and composite is being output -#hdmi_force_hotplug=1 +# Enable audio (loads snd_bcm2835) +dtparam=audio=on -# uncomment to force a specific HDMI mode (this will force VGA) -#hdmi_group=1 -#hdmi_mode=1 +# Additional overlays and parameters are documented +# /boot/firmware/overlays/README -# uncomment to force a HDMI mode rather than DVI. This can make audio work in -# DMT (computer monitor) modes -#hdmi_drive=2 +# Automatically load overlays for detected cameras +camera_auto_detect=1 -# uncomment to increase signal to HDMI, if you have interference, blanking, or -# no display -#config_hdmi_boost=4 +# Automatically load overlays for detected DSI displays +display_auto_detect=1 -# uncomment for composite PAL -#sdtv_mode=2 +# Automatically load initramfs files, if found +auto_initramfs=1 -#uncomment to overclock the arm. 700 MHz is the default. -#arm_freq=800 +# Enable DRM VC4 V3D driver +dtoverlay=vc4-kms-v3d +max_framebuffers=2 -# Uncomment some or all of these to enable the optional hardware interfaces -#dtparam=i2c_arm=on -#dtparam=i2s=on -#dtparam=spi=on +# Don't have the firmware create an initial video= setting in cmdline.txt. +# Use the kernel's default instead. +disable_fw_kms_setup=1 -# Uncomment this to enable infrared communication. -#dtoverlay=gpio-ir,gpio_pin=17 -#dtoverlay=gpio-ir-tx,gpio_pin=18 +# Disable compensation for displays with overscan +disable_overscan=1 -# Additional overlays and parameters are documented /boot/overlays/README +# Run as fast as firmware / board allows +arm_boost=1 -# Enable audio (loads snd_bcm2835) -dtparam=audio=on +[cm4] +# Enable host mode on the 2711 built-in XHCI USB controller. +# This line should be removed if the legacy DWC2 controller is required +# (e.g. for USB device mode) or if USB support is not required. +otg_mode=1 -[pi4] -# Enable DRM VC4 V3D driver on top of the dispmanx display stack -dtoverlay=vc4-fkms-v3d -max_framebuffers=2 +[cm5] +dtoverlay=dwc2,dr_mode=host [all] -#dtoverlay=vc4-fkms-v3d diff --git a/stage1/01-sys-tweaks/00-packages b/stage1/01-sys-tweaks/00-packages new file mode 100644 index 0000000000..9e91ea1ae3 --- /dev/null +++ b/stage1/01-sys-tweaks/00-packages @@ -0,0 +1 @@ +raspi-config diff --git a/stage1/01-sys-tweaks/00-patches/01-bashrc.diff b/stage1/01-sys-tweaks/00-patches/01-bashrc.diff index efa2104d5a..86d351f72e 100644 --- a/stage1/01-sys-tweaks/00-patches/01-bashrc.diff +++ b/stage1/01-sys-tweaks/00-patches/01-bashrc.diff @@ -1,6 +1,6 @@ ---- a/rootfs/etc/skel/.bashrc -+++ b/rootfs/etc/skel/.bashrc -@@ -43,7 +43,7 @@ +--- stage1.orig/rootfs/etc/skel/.bashrc ++++ stage1/rootfs/etc/skel/.bashrc +@@ -43,7 +43,7 @@ esac # uncomment for a colored prompt, if the terminal has the capability; turned # off by default to not distract the user: the focus in a terminal window # should be on the output of commands, not on the prompt @@ -9,7 +9,7 @@ if [ -n "$force_color_prompt" ]; then if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then -@@ -57,7 +57,7 @@ +@@ -57,7 +57,7 @@ if [ -n "$force_color_prompt" ]; then fi if [ "$color_prompt" = yes ]; then @@ -18,7 +18,7 @@ else PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' fi -@@ -79,9 +79,9 @@ +@@ -79,9 +79,9 @@ if [ -x /usr/bin/dircolors ]; then #alias dir='dir --color=auto' #alias vdir='vdir --color=auto' diff --git a/stage1/01-sys-tweaks/00-run.sh b/stage1/01-sys-tweaks/00-run.sh index 9c380ec558..df07d416ff 100755 --- a/stage1/01-sys-tweaks/00-run.sh +++ b/stage1/01-sys-tweaks/00-run.sh @@ -1,15 +1,15 @@ #!/bin/bash -e -install -d "${ROOTFS_DIR}/etc/systemd/system/getty@tty1.service.d" -install -m 644 files/noclear.conf "${ROOTFS_DIR}/etc/systemd/system/getty@tty1.service.d/noclear.conf" install -v -m 644 files/fstab "${ROOTFS_DIR}/etc/fstab" on_chroot << EOF if ! id -u ${FIRST_USER_NAME} >/dev/null 2>&1; then - adduser --disabled-password --gecos "" ${FIRST_USER_NAME} + adduser --disabled-login --gecos "" ${FIRST_USER_NAME} +fi + +if [ -n "${FIRST_USER_PASS}" ]; then + echo "${FIRST_USER_NAME}:${FIRST_USER_PASS}" | chpasswd + usermod -s /bin/bash "${FIRST_USER_NAME}" fi -echo "${FIRST_USER_NAME}:${FIRST_USER_PASS}" | chpasswd echo "root:root" | chpasswd EOF - - diff --git a/stage1/01-sys-tweaks/files/fstab b/stage1/01-sys-tweaks/files/fstab index f16e3fb8aa..525c3bc84c 100644 --- a/stage1/01-sys-tweaks/files/fstab +++ b/stage1/01-sys-tweaks/files/fstab @@ -1,3 +1,3 @@ proc /proc proc defaults 0 0 -BOOTDEV /boot vfat defaults 0 2 +BOOTDEV /boot/firmware vfat defaults 0 2 ROOTDEV / ext4 defaults,noatime 0 1 diff --git a/stage1/01-sys-tweaks/files/noclear.conf b/stage1/01-sys-tweaks/files/noclear.conf deleted file mode 100644 index 52671c758d..0000000000 --- a/stage1/01-sys-tweaks/files/noclear.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Service] -TTYVTDisallocate=no diff --git a/stage1/02-net-tweaks/00-run.sh b/stage1/02-net-tweaks/00-run.sh index 4943cabf0d..95dfbdc5b7 100755 --- a/stage1/02-net-tweaks/00-run.sh +++ b/stage1/02-net-tweaks/00-run.sh @@ -3,4 +3,6 @@ echo "${TARGET_HOSTNAME}" > "${ROOTFS_DIR}/etc/hostname" echo "127.0.1.1 ${TARGET_HOSTNAME}" >> "${ROOTFS_DIR}/etc/hosts" -ln -sf /dev/null "${ROOTFS_DIR}/etc/systemd/network/99-default.link" +on_chroot << EOF + SUDO_USER="${FIRST_USER_NAME}" raspi-config nonint do_net_names 1 +EOF diff --git a/stage1/03-install-packages/00-packages b/stage1/03-install-packages/00-packages index e8c148c0b5..97ca0d2bc6 100644 --- a/stage1/03-install-packages/00-packages +++ b/stage1/03-install-packages/00-packages @@ -1 +1 @@ -libraspberrypi-bin libraspberrypi0 raspi-config +systemd-timesyncd diff --git a/stage2/01-sys-tweaks/00-debconf b/stage2/01-sys-tweaks/00-debconf index c13e3b1949..724f83987d 100644 --- a/stage2/01-sys-tweaks/00-debconf +++ b/stage2/01-sys-tweaks/00-debconf @@ -4,9 +4,6 @@ console-setup console-setup/charmap47 select UTF-8 # Character set to support: # Choices: . Arabic, # Armenian, # Cyrillic - KOI8-R and KOI8-U, # Cyrillic - non-Slavic languages, # Cyrillic - Slavic languages (also Bosnian and Serbian Latin), . Ethiopic, # Georgian, # Greek, # Hebrew, # Lao, # Latin1 and Latin5 - western Europe and Turkic languages, # Latin2 - central Europe and Romanian, # Latin3 and Latin8 - Chichewa; Esperanto; Irish; Maltese and Welsh, # Latin7 - Lithuanian; Latvian; Maori and Marshallese, . Latin - Vietnamese, # Thai, . Combined - Latin; Slavic Cyrillic; Hebrew; basic Arabic, . Combined - Latin; Slavic Cyrillic; Greek, . Combined - Latin; Slavic and non-Slavic Cyrillic, Guess optimal character set console-setup console-setup/codeset47 select Guess optimal character set -# Font for the console: -# Choices: Fixed, Goha, GohaClassic, Terminus, TerminusBold, TerminusBoldVGA, VGA, Do not change the boot/kernel font, Let the system select a suitable font -console-setup console-setup/fontface47 select Do not change the boot/kernel font # Key to function as AltGr: # Choices: The default for the keyboard layout, No AltGr key, Right Alt (AltGr), Right Control, Right Logo key, Menu key, Left Alt, Left Logo key, Keypad Enter key, Both Logo keys, Both Alt keys keyboard-configuration keyboard-configuration/altgr select The default for the keyboard layout @@ -24,3 +21,5 @@ keyboard-configuration keyboard-configuration/ctrl_alt_bksp boolean true # Keyboard layout: # Choices: English (UK), English (UK) - English (UK\, Colemak), English (UK) - English (UK\, Dvorak with UK punctuation), English (UK) - English (UK\, Dvorak), English (UK) - English (UK\, Macintosh international), English (UK) - English (UK\, Macintosh), English (UK) - English (UK\, extended WinKeys), English (UK) - English (UK\, international with dead keys), Other keyboard-configuration keyboard-configuration/variant select ${KEYBOARD_LAYOUT} +# for internal use +keyboard-configuration keyboard-configuration/optionscode string PLACEHOLDER diff --git a/stage2/01-sys-tweaks/00-packages b/stage2/01-sys-tweaks/00-packages index 83ec74ce53..15717ff9ff 100644 --- a/stage2/01-sys-tweaks/00-packages +++ b/stage2/01-sys-tweaks/00-packages @@ -1,17 +1,21 @@ -ssh less fbset sudo psmisc strace ed ncdu crda -console-setup keyboard-configuration debconf-utils parted unzip -build-essential manpages-dev python bash-completion gdb pkg-config -python-rpi.gpio v4l-utils +ssh less fbset sudo psmisc strace ed ncdu +console-setup keyboard-configuration debconf-utils parted +build-essential manpages-dev bash-completion gdb pkg-config +python-is-python3 +v4l-utils +gpiod python3-libgpiod +python3-gpiozero +python3-rpi-lgpio +python3-spidev +python3-smbus2 avahi-daemon lua5.1 luajit -hardlink ca-certificates curl -fake-hwclock nfs-common usbutils -libraspberrypi-dev libraspberrypi-doc libfreetype6-dev +ca-certificates curl +usbutils dosfstools -dphys-swapfile +rpi-swap rpi-loop-utils raspberrypi-sys-mods -pi-bluetooth apt-listchanges usb-modeswitch libpam-chksshpwd @@ -20,12 +24,20 @@ libmtp-runtime rsync htop man-db -policykit-1 ssh-import-id -rng-tools ethtool -vl805fw ntfs-3g pciutils rpi-eeprom -raspinfo +raspi-utils +udisks2 +unzip zip p7zip-full +file +kms++-utils +python3-venv +bluez bluez-firmware +rpi-keyboard-config +rpi-keyboard-fw-update +rpi-usb-gadget modemmanager- +rpi-connect-lite +rpifwcrypto diff --git a/stage2/01-sys-tweaks/00-packages-nr b/stage2/01-sys-tweaks/00-packages-nr index 5acef540d0..15c0f6626f 100644 --- a/stage2/01-sys-tweaks/00-packages-nr +++ b/stage2/01-sys-tweaks/00-packages-nr @@ -1 +1,3 @@ cifs-utils +rpicam-apps-lite +mkvtoolnix diff --git a/stage2/01-sys-tweaks/00-patches/01-useradd.diff b/stage2/01-sys-tweaks/00-patches/01-useradd.diff index e81ad5a1aa..cc3476bf05 100644 --- a/stage2/01-sys-tweaks/00-patches/01-useradd.diff +++ b/stage2/01-sys-tweaks/00-patches/01-useradd.diff @@ -1,9 +1,7 @@ -Index: jessie-stage2/rootfs/etc/default/useradd -=================================================================== ---- jessie-stage2.orig/rootfs/etc/default/useradd -+++ jessie-stage2/rootfs/etc/default/useradd +--- stage2.orig/rootfs/etc/default/useradd ++++ stage2/rootfs/etc/default/useradd @@ -5,7 +5,7 @@ - # Similar to DHSELL in adduser. However, we use "sh" here because + # Similar to DSHELL in adduser. However, we use "sh" here because # useradd is a low level utility and should be as general # as possible -SHELL=/bin/sh diff --git a/stage2/01-sys-tweaks/00-patches/02-swap.diff b/stage2/01-sys-tweaks/00-patches/02-swap.diff deleted file mode 100644 index 745a344e49..0000000000 --- a/stage2/01-sys-tweaks/00-patches/02-swap.diff +++ /dev/null @@ -1,13 +0,0 @@ -Index: jessie-stage2/rootfs/etc/dphys-swapfile -=================================================================== ---- jessie-stage2.orig/rootfs/etc/dphys-swapfile -+++ jessie-stage2/rootfs/etc/dphys-swapfile -@@ -13,7 +13,7 @@ - - # set size to absolute value, leaving empty (default) then uses computed value - # you most likely don't want this, unless you have an special disk situation --#CONF_SWAPSIZE= -+CONF_SWAPSIZE=100 - - # set size to computed value, this times RAM size, dynamically adapts, - # guarantees that there is enough swap without wasting disk space on excess diff --git a/stage2/01-sys-tweaks/00-patches/04-inputrc.diff b/stage2/01-sys-tweaks/00-patches/04-inputrc.diff index c81fa62d8c..1da12c59d5 100644 --- a/stage2/01-sys-tweaks/00-patches/04-inputrc.diff +++ b/stage2/01-sys-tweaks/00-patches/04-inputrc.diff @@ -1,8 +1,6 @@ -Index: jessie-stage2/rootfs/etc/inputrc -=================================================================== ---- jessie-stage2.orig/rootfs/etc/inputrc -+++ jessie-stage2/rootfs/etc/inputrc -@@ -65,3 +65,7 @@ $endif +--- stage2.orig/rootfs/etc/inputrc ++++ stage2/rootfs/etc/inputrc +@@ -69,3 +69,7 @@ $endif # "\e[F": end-of-line $endif diff --git a/stage2/01-sys-tweaks/00-patches/05-path.diff b/stage2/01-sys-tweaks/00-patches/05-path.diff index 25b80a197a..38d7fc38aa 100644 --- a/stage2/01-sys-tweaks/00-patches/05-path.diff +++ b/stage2/01-sys-tweaks/00-patches/05-path.diff @@ -1,8 +1,6 @@ -Index: jessie-stage2/rootfs/etc/login.defs -=================================================================== ---- jessie-stage2.orig/rootfs/etc/login.defs -+++ jessie-stage2/rootfs/etc/login.defs -@@ -100,7 +100,7 @@ HUSHLOGIN_FILE .hushlogin +--- stage2.orig/rootfs/etc/login.defs ++++ stage2/rootfs/etc/login.defs +@@ -60,7 +60,7 @@ HUSHLOGIN_FILE .hushlogin # # (they are minimal, add the rest in the shell startup files) ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin @@ -10,13 +8,11 @@ Index: jessie-stage2/rootfs/etc/login.defs +ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games # - # Terminal permissions -Index: jessie-stage2/rootfs/etc/profile -=================================================================== ---- jessie-stage2.orig/rootfs/etc/profile -+++ jessie-stage2/rootfs/etc/profile + # Terminal permissions for terminals after login(1). +--- stage2.orig/rootfs/etc/profile ++++ stage2/rootfs/etc/profile @@ -4,7 +4,7 @@ - if [ "`id -u`" -eq 0 ]; then + if [ "$(id -u)" -eq 0 ]; then PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" else - PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" diff --git a/stage2/01-sys-tweaks/00-patches/07-resize-init.diff b/stage2/01-sys-tweaks/00-patches/07-resize-init.diff deleted file mode 100644 index 8c41357e8f..0000000000 --- a/stage2/01-sys-tweaks/00-patches/07-resize-init.diff +++ /dev/null @@ -1,5 +0,0 @@ ---- stage2.orig/rootfs/boot/cmdline.txt -+++ stage2/rootfs/boot/cmdline.txt -@@ -1 +1 @@ --console=serial0,115200 console=tty1 root=ROOTDEV rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait -+console=serial0,115200 console=tty1 root=ROOTDEV rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait quiet init=/usr/lib/raspi-config/init_resize.sh diff --git a/stage2/01-sys-tweaks/00-patches/series b/stage2/01-sys-tweaks/00-patches/series index aee040228a..cbd0fd4536 100644 --- a/stage2/01-sys-tweaks/00-patches/series +++ b/stage2/01-sys-tweaks/00-patches/series @@ -1,5 +1,3 @@ 01-useradd.diff -02-swap.diff 04-inputrc.diff 05-path.diff -07-resize-init.diff diff --git a/stage2/01-sys-tweaks/01-run.sh b/stage2/01-sys-tweaks/01-run.sh index 8d28adccc1..123f042d06 100755 --- a/stage2/01-sys-tweaks/01-run.sh +++ b/stage2/01-sys-tweaks/01-run.sh @@ -1,50 +1,49 @@ #!/bin/bash -e -install -m 755 files/resize2fs_once "${ROOTFS_DIR}/etc/init.d/" - -install -d "${ROOTFS_DIR}/etc/systemd/system/rc-local.service.d" -install -m 644 files/ttyoutput.conf "${ROOTFS_DIR}/etc/systemd/system/rc-local.service.d/" - -install -m 644 files/50raspi "${ROOTFS_DIR}/etc/apt/apt.conf.d/" - -install -m 644 files/console-setup "${ROOTFS_DIR}/etc/default/" +if [ -n "${PUBKEY_SSH_FIRST_USER}" ]; then + install -v -m 0700 -o 1000 -g 1000 -d "${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh + echo "${PUBKEY_SSH_FIRST_USER}" >"${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh/authorized_keys + chown 1000:1000 "${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh/authorized_keys + chmod 0600 "${ROOTFS_DIR}"/home/"${FIRST_USER_NAME}"/.ssh/authorized_keys +fi -install -m 755 files/rc.local "${ROOTFS_DIR}/etc/" +if [ "${PUBKEY_ONLY_SSH}" = "1" ]; then + sed -i -Ee 's/^#?[[:blank:]]*PubkeyAuthentication[[:blank:]]*no[[:blank:]]*$/PubkeyAuthentication yes/ +s/^#?[[:blank:]]*PasswordAuthentication[[:blank:]]*yes[[:blank:]]*$/PasswordAuthentication no/' "${ROOTFS_DIR}"/etc/ssh/sshd_config +fi on_chroot << EOF -systemctl disable hwclock.sh -systemctl disable nfs-common -systemctl disable rpcbind if [ "${ENABLE_SSH}" == "1" ]; then systemctl enable ssh else systemctl disable ssh fi -systemctl enable regenerate_ssh_host_keys EOF if [ "${USE_QEMU}" = "1" ]; then echo "enter QEMU mode" install -m 644 files/90-qemu.rules "${ROOTFS_DIR}/etc/udev/rules.d/" - on_chroot << EOF -systemctl disable resize2fs_once -EOF echo "leaving QEMU mode" -else - on_chroot << EOF -systemctl enable resize2fs_once -EOF fi -on_chroot <&2 - exit 3 - ;; -esac diff --git a/stage2/01-sys-tweaks/files/ttyoutput.conf b/stage2/01-sys-tweaks/files/ttyoutput.conf deleted file mode 100644 index 6a396a48e0..0000000000 --- a/stage2/01-sys-tweaks/files/ttyoutput.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Service] -StandardOutput=tty diff --git a/stage2/02-net-tweaks/00-packages b/stage2/02-net-tweaks/00-packages index cc4a68e670..b8c319ad36 100644 --- a/stage2/02-net-tweaks/00-packages +++ b/stage2/02-net-tweaks/00-packages @@ -1,4 +1,4 @@ -wpasupplicant wireless-tools firmware-atheros firmware-brcm80211 firmware-libertas firmware-misc-nonfree firmware-realtek +wpasupplicant wireless-tools firmware-atheros firmware-brcm80211 firmware-libertas firmware-realtek firmware-mediatek firmware-marvell-prestera- raspberrypi-net-mods -dhcpcd5 +network-manager net-tools diff --git a/stage2/02-net-tweaks/01-run.sh b/stage2/02-net-tweaks/01-run.sh index 092975531f..1f91095071 100755 --- a/stage2/02-net-tweaks/01-run.sh +++ b/stage2/02-net-tweaks/01-run.sh @@ -1,31 +1,24 @@ #!/bin/bash -e -install -v -d "${ROOTFS_DIR}/etc/systemd/system/dhcpcd.service.d" -install -v -m 644 files/wait.conf "${ROOTFS_DIR}/etc/systemd/system/dhcpcd.service.d/" +# Newer versions of raspberrypi-sys-mods set rfkill.default_state=0 to prevent +# radiating on 5GHz bands until the WLAN regulatory domain is set. +# Unfortunately, this also blocks bluetooth, so we whitelist the known +# on-board BT adapters here. -install -v -d "${ROOTFS_DIR}/etc/wpa_supplicant" -install -v -m 600 files/wpa_supplicant.conf "${ROOTFS_DIR}/etc/wpa_supplicant/" +mkdir -p "${ROOTFS_DIR}/var/lib/systemd/rfkill/" +# 5 miniuart 4 miniuart Zero miniuart other other +for addr in 107d50c000.serial 3f215040.serial 20215040.serial fe215040.serial soc; do + echo 0 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-${addr}:bluetooth" +done if [ -v WPA_COUNTRY ]; then - echo "country=${WPA_COUNTRY}" >> "${ROOTFS_DIR}/etc/wpa_supplicant/wpa_supplicant.conf" -fi - -if [ -v WPA_ESSID ] && [ -v WPA_PASSWORD ]; then -on_chroot <> "${ROOTFS_DIR}/etc/wpa_supplicant/wpa_supplicant.conf" << EOL - -network={ - ssid="${WPA_ESSID}" - key_mgmt=NONE -} -EOL + on_chroot <<- EOF + SUDO_USER="${FIRST_USER_NAME}" raspi-config nonint do_wifi_country "${WPA_COUNTRY}" + EOF +elif [ -d "${ROOTFS_DIR}/var/lib/NetworkManager" ]; then + # NetworkManager unblocks all WLAN devices by default. Prevent that: + cat > "${ROOTFS_DIR}/var/lib/NetworkManager/NetworkManager.state" <<- EOF + [main] + WirelessEnabled=false + EOF fi - -# Disable wifi on 5GHz models -mkdir -p "${ROOTFS_DIR}/var/lib/systemd/rfkill/" -echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-3f300000.mmcnr:wlan" -echo 1 > "${ROOTFS_DIR}/var/lib/systemd/rfkill/platform-fe300000.mmcnr:wlan" diff --git a/stage2/02-net-tweaks/files/wait.conf b/stage2/02-net-tweaks/files/wait.conf deleted file mode 100644 index 595cc2d9e1..0000000000 --- a/stage2/02-net-tweaks/files/wait.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Service] -ExecStart= -ExecStart=/usr/lib/dhcpcd5/dhcpcd -q -w diff --git a/stage2/02-net-tweaks/files/wpa_supplicant.conf b/stage2/02-net-tweaks/files/wpa_supplicant.conf deleted file mode 100644 index 0fc335ebb9..0000000000 --- a/stage2/02-net-tweaks/files/wpa_supplicant.conf +++ /dev/null @@ -1,2 +0,0 @@ -ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev -update_config=1 diff --git a/stage2/04-cloud-init/00-packages b/stage2/04-cloud-init/00-packages new file mode 100644 index 0000000000..4892d37574 --- /dev/null +++ b/stage2/04-cloud-init/00-packages @@ -0,0 +1,2 @@ +cloud-init +rpi-cloud-init-mods diff --git a/stage2/04-cloud-init/01-run.sh b/stage2/04-cloud-init/01-run.sh new file mode 100755 index 0000000000..9a4622e1ab --- /dev/null +++ b/stage2/04-cloud-init/01-run.sh @@ -0,0 +1,12 @@ +#!/bin/bash -e + +if [ "${ENABLE_CLOUD_INIT}" != "1" ]; then + log "Skipping cloud-init stage" + exit 0 +fi + +# some preseeding without any runtime effect if not modified +# install meta-data file for NoCloud data-source to work +install -v -m 755 files/meta-data "${ROOTFS_DIR}/boot/firmware/meta-data" +install -v -m 755 files/user-data "${ROOTFS_DIR}/boot/firmware/user-data" +install -v -m 755 files/network-config "${ROOTFS_DIR}/boot/firmware/network-config" diff --git a/stage2/04-cloud-init/README.txt b/stage2/04-cloud-init/README.txt new file mode 100644 index 0000000000..00da52e6f0 --- /dev/null +++ b/stage2/04-cloud-init/README.txt @@ -0,0 +1,10 @@ +Cloud-Init support for Raspberry Pi OS + +Reference for Raspberry Pi custom cloud-init config module: https://cloudinit.readthedocs.io/en/latest/reference/modules.html#raspberry-pi-configuration + +- files/network-config is required because otherwise imager would fail to create the correct filesystem entry + +- files/user-data same reason and to include some example configurations + +- files/meta-data Cloud-init instance configuration + diff --git a/stage2/04-cloud-init/files/meta-data b/stage2/04-cloud-init/files/meta-data new file mode 100644 index 0000000000..ac36efdae2 --- /dev/null +++ b/stage2/04-cloud-init/files/meta-data @@ -0,0 +1,18 @@ +# This is the meta-data configuration file for cloud-init. Please refer to the +# cloud-init documentation for more information: +# +# https://cloudinit.readthedocs.io/ + +# Set the datasource mode to "local". This ensures that user-data is acted upon +# prior to bringing up the network (because everything about the datasource is +# assumed to be local). If you wish to use an HTTP datasource instead, you can +# change this to "net" or override it on the kernel cmdline (see README). +dsmode: local + +# Specifies the "unique" identifier of the instance. Typically in cloud-init +# this is generated by the owning cloud and is actually unique (to some +# degree). Here our data-source is local, so this is just a fixed string. +# Warning: changing this will cause cloud-init to assume it is running on a +# "new" instance, and to go through first time setup again (the value is +# compared to a cached copy). +instance_id: rpios-image diff --git a/stage2/04-cloud-init/files/network-config b/stage2/04-cloud-init/files/network-config new file mode 100644 index 0000000000..2bfc7ad5e6 --- /dev/null +++ b/stage2/04-cloud-init/files/network-config @@ -0,0 +1,50 @@ +# This file contains a netplan-compatible configuration which cloud-init will +# apply on first-boot (note: it will *not* update the config after the first +# boot). Please refer to the cloud-init documentation and the netplan reference +# for full details: +# +# https://netplan.io/reference +# https://cloudinit.readthedocs.io/en/latest/topics/network-config.html +# https://cloudinit.readthedocs.io/en/latest/topics/network-config-format-v2.html +# +# Please note that the YAML format employed by this file is sensitive to +# differences in whitespace; if you are editing this file in an editor (like +# Notepad) which uses literal tabs, take care to only use spaces for +# indentation. See the following link for more details: +# +# https://en.wikipedia.org/wiki/YAML +# +# Additionally, please be aware that if your boot sequence depends on active +# networking (e.g. if your cloud-init configuration pulls packages or SSH +# keys from the network), you *must* mark at least one interface as required +# ("optional: false") below. Otherwise, particularly on faster boards, +# cloud-init will start attempting to use the network before it is ready + +# Some additional examples are commented out below + +#network: +# version: 2 +# +# ethernets: +# eth0: +# dhcp4: true +# optional: true + +# wifis: +# wlan0: +# dhcp4: true +# optional: true +# access-points: +# myhomewifi: +# password: "S3kr1t" +# myworkwifi: +# password: "correct battery horse staple" +# workssid: +# auth: +# key-management: eap +# method: peap +# identity: "me@example.com" +# password: "passw0rd" +# ca-certificate: /etc/my_ca.pem + +# regulatory-domain: GB diff --git a/stage2/04-cloud-init/files/user-data b/stage2/04-cloud-init/files/user-data new file mode 100644 index 0000000000..ce342576fe --- /dev/null +++ b/stage2/04-cloud-init/files/user-data @@ -0,0 +1,102 @@ +#cloud-config + +# This is the user-data configuration file for cloud-init. By default this sets +# up an initial user called "ubuntu" with password "ubuntu", which must be +# changed at first login. However, many additional actions can be initiated on +# first boot from this file. The cloud-init documentation has more details: +# +# https://cloudinit.readthedocs.io/ +# +# Please note that the YAML format employed by this file is sensitive to +# differences in whitespace; if you are editing this file in an editor (like +# Notepad) which uses literal tabs, take care to only use spaces for +# indentation. See the following link for more details: +# +# https://en.wikipedia.org/wiki/YAML +# +# Some additional examples are provided in comments below the default +# configuration. + +## Set the system's hostname. Please note that, unless you have a local DNS +## setup where the hostname is derived from DHCP requests (as with dnsmasq), +## setting the hostname here will not make the machine reachable by this name. +## You may also wish to install avahi-daemon (see the "packages:" key below) +## to make your machine reachable by the .local domain +#hostname: raspberrypi + +## Set up the keyboard layout. See localectl(1), in particular the various +## list-x11-* sub-commands, to determine the available models, layouts, +## variants, and options +#keyboard: +# model: pc105 +# layout: gb +# variant: +# options: ctrl:nocaps + +# Controls password authentication with the SSH daemon; the default here can +# prevent logging into SSH with a password. Changing this is a security risk +# and you should at the very least ensure a different default password is +# specified above +#ssh_pwauth: false + +## On first boot, use ssh-import-id to give the specific users SSH access to +## the default user +#ssh_import_id: +#- lp:my_launchpad_username +#- gh:my_github_username + +## Add users and groups to the system, and import keys with the ssh-import-id +## utility +#groups: +#- robot: [robot] +#- robotics: [robot] +#- pi +# +#users: +#- default +#- name: robot +# gecos: Mr. Robot +# primary_group: robot +# groups: users +# ssh_import_id: foobar +# lock_passwd: false +# passwd: $5$hkui88$nvZgIle31cNpryjRfO9uArF7DYiBcWEnjqq7L1AQNN3 + +## Update apt database and upgrade packages on first boot +#package_update: true +#package_upgrade: true + +## Install additional packages on first boot +#packages: +#- avahi-daemon +#- rng-tools +#- python3-gpiozero +#- [python3-serial, 3.5-1] + +## Write arbitrary files to the file-system (including binaries!) +#write_files: +#- path: /etc/default/console-setup +# content: | +# # Consult the console-setup(5) manual page. +# ACTIVE_CONSOLES="/dev/tty[1-6]" +# CHARMAP="UTF-8" +# VIDEOMODE= +# FONT="Lat15-Terminus18x10.psf.gz" +# FONTFACE= +# FONTSIZE= +# CODESET="Lat15" +# permissions: '0644' +# owner: root:root +#- encoding: gzip +# path: /root/Makefile +# content: !!binary | +# H4sICF2DTWIAA01ha2VmaWxlAFNWCM8syVBILMjPyU/PTC1WKMlXiPB2dlFQNjSx5MpNteLi +# dLDiSoRQxYl5KeWZyRkgXrSCkoqKRmaKgm6pppKCbmqhgoFCrIKamkK1QmpyRr6Ckn92YqWS +# NdC80uQMBZhOa4VahZoaqIrwjMQSewXfxOxUhcwShcr80qLi1Jw0RSUuAIYfEJmVAAAA +# owner: root:root +# permissions: '0644' + +## Run arbitrary commands at rc.local like time +#runcmd: +#- [ ls, -l, / ] +#- [ sh, -xc, "echo $(date) ': hello world!'" ] diff --git a/stage2/EXPORT_NOOBS b/stage2/EXPORT_NOOBS deleted file mode 100644 index 136cc77778..0000000000 --- a/stage2/EXPORT_NOOBS +++ /dev/null @@ -1,2 +0,0 @@ -NOOBS_NAME="Raspbian Lite" -NOOBS_DESCRIPTION="A port of Debian with no desktop environment" diff --git a/stage3/00-install-packages/00-debconf b/stage3/00-install-packages/00-debconf deleted file mode 100644 index 7dbd12eb28..0000000000 --- a/stage3/00-install-packages/00-debconf +++ /dev/null @@ -1,2 +0,0 @@ -# Adobe Flash Player. Copyright 1996-2015. Adobe Systems Incorporated. All Rights Reserved. -rpi-chromium-mods rpi-chromium-mods/adobe note diff --git a/stage3/00-install-packages/00-packages b/stage3/00-install-packages/00-packages index eac74ea545..3aa1ae8c8a 100644 --- a/stage3/00-install-packages/00-packages +++ b/stage3/00-install-packages/00-packages @@ -1,15 +1,2 @@ -gstreamer1.0-x gstreamer1.0-omx gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-alsa gstreamer1.0-libav -qpdfview gtk2-engines alsa-utils -desktop-base -git -omxplayer -raspberrypi-artwork -policykit-1 -gvfs -rfkill -chromium-browser rpi-chromium-mods -gldriver-test -fonts-droid-fallback -fonts-liberation2 -obconf -arandr +rpd-preferences +rpd-theme diff --git a/stage3/00-install-packages/00-packages-nr b/stage3/00-install-packages/00-packages-nr index ffc324bf4a..fec8391368 100644 --- a/stage3/00-install-packages/00-packages-nr +++ b/stage3/00-install-packages/00-packages-nr @@ -1,6 +1,2 @@ -xserver-xorg-video-fbdev xserver-xorg xinit xserver-xorg-video-fbturbo -mousepad -lxde lxtask menu-xdg -zenity xdg-utils -gvfs-backends gvfs-fuse -lightdm gnome-themes-standard-data gnome-icon-theme +rpd-wayland-core +rpd-x-core diff --git a/stage3/00-install-packages/01-run.sh b/stage3/00-install-packages/01-run.sh deleted file mode 100755 index d76874722a..0000000000 --- a/stage3/00-install-packages/01-run.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -e - -on_chroot << EOF -update-alternatives --install /usr/bin/x-www-browser \ - x-www-browser /usr/bin/chromium-browser 86 -update-alternatives --install /usr/bin/gnome-www-browser \ - gnome-www-browser /usr/bin/chromium-browser 86 -EOF diff --git a/stage3/01-print-support/00-run.sh b/stage3/01-print-support/00-run.sh new file mode 100755 index 0000000000..dc9e2b2c3c --- /dev/null +++ b/stage3/01-print-support/00-run.sh @@ -0,0 +1,5 @@ +#!/bin/bash -e + +on_chroot <]' "/Raspberry Pi Beginner's Guide v3<\/TITLE>/ {f=1; next} f==1 && /PDF/ {print \$3; exit}")" -OUTPUT="$(basename "$GUIDE_URL" | cut -f1 -d'?')" - -if [ ! -f "files/$OUTPUT" ]; then - rm files/*.pdf -f - curl -s "$GUIDE_URL" -o "files/$OUTPUT" -fi - -file "files/$OUTPUT" | grep -q "PDF document" - -install -v -o 1000 -g 1000 -d "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/Bookshelf" -install -v -o 1000 -g 1000 -m 644 "files/$OUTPUT" "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/Bookshelf/" diff --git a/stage4/03-bookshelf/files/.gitignore b/stage4/03-bookshelf/files/.gitignore deleted file mode 100644 index a136337994..0000000000 --- a/stage4/03-bookshelf/files/.gitignore +++ /dev/null @@ -1 +0,0 @@ -*.pdf diff --git a/stage4/04-enable-xcompmgr/00-run.sh b/stage4/04-enable-xcompmgr/00-run.sh deleted file mode 100755 index ad6298df7b..0000000000 --- a/stage4/04-enable-xcompmgr/00-run.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -e - -on_chroot << EOF - raspi-config nonint do_xcompmgr 0 -EOF diff --git a/stage4/EXPORT_NOOBS b/stage4/EXPORT_NOOBS deleted file mode 100644 index 2ef6d7b486..0000000000 --- a/stage4/EXPORT_NOOBS +++ /dev/null @@ -1,2 +0,0 @@ -NOOBS_NAME="Raspbian" -NOOBS_DESCRIPTION="A port of Debian with the Raspberry Pi Desktop" diff --git a/stage5/00-install-extras/00-packages b/stage5/00-install-extras/00-packages index 609e718125..dd5fbe4a11 100644 --- a/stage5/00-install-extras/00-packages +++ b/stage5/00-install-extras/00-packages @@ -1,16 +1,5 @@ mu-editor -sonic-pi -scratch nuscratch scratch2 scratch3 -smartsim - -minecraft-pi python-minecraftpi python-picraft python3-picraft -python-sense-emu sense-emu-tools python-sense-emu-doc - -wolfram-engine +scratch3 claws-mail -greenfoot-unbundled bluej -nodered -realvnc-vnc-viewer - -python-games -code-the-classics +code-the-classics code-the-classics-2 +kicad diff --git a/stage5/00-install-libreoffice/00-packages b/stage5/00-install-libreoffice/00-packages index 148e7b941f..dc1b8d770b 100644 --- a/stage5/00-install-libreoffice/00-packages +++ b/stage5/00-install-libreoffice/00-packages @@ -1,3 +1,3 @@ -libreoffice-pi +libreoffice-pi openjdk-11-jre- libreoffice-help-en-gb libreoffice-l10n-en-gb diff --git a/stage5/EXPORT_NOOBS b/stage5/EXPORT_NOOBS deleted file mode 100644 index cb1020328e..0000000000 --- a/stage5/EXPORT_NOOBS +++ /dev/null @@ -1,2 +0,0 @@ -NOOBS_NAME="Raspbian Full" -NOOBS_DESCRIPTION="A port of Debian with desktop and recommended applications"