author | Jan Wagner <mail@jwagner.eu> | 2016-04-19 15:10:50 +0200 |
---|---|---|
committer | Jan Wagner <mail@jwagner.eu> | 2016-04-19 15:10:50 +0200 |
commit | d0f91512d9ca6d361d8a4a387094c48aab00e111 (patch) | |
tree | b00ed220e2fa04bdb1db43475a8149d01d1be5db /files | |
parent | 7878e85af7748d531a64f459723dca76ee37914b (diff) | |
Diffstat (limited to 'files')
-rw-r--r-- | files/boot/uboot.mkimage | 6 | ||||
-rw-r--r-- | files/firstboot/21-generate-ssh-keys.sh | 6 | ||||
-rw-r--r-- | files/firstboot/22-expandroot.sh | 18 | ||||
-rw-r--r-- | files/firstboot/23-regenerate-initramfs.sh | 31 | ||||
-rw-r--r-- | files/firstboot/24-generate-machineid.sh (renamed from files/firstboot/23-generate-machineid.sh) | 0 | ||||
-rw-r--r-- | files/firstboot/25-create-resolv-symlink.sh (renamed from files/firstboot/24-create-resolv-symlink.sh) | 0 | ||||
-rwxr-xr-x | files/initramfs/expand-premount | 19 | ||||
-rwxr-xr-x | files/initramfs/expand-tools | 19 | ||||
-rw-r--r-- | files/initramfs/expand_encrypted_rootfs | 85 |
9 files changed, 180 insertions, 4 deletions
diff --git a/files/boot/uboot.mkimage b/files/boot/uboot.mkimage index cd71de6..8d02431 100644 --- a/files/boot/uboot.mkimage +++ b/files/boot/uboot.mkimage @@ -1,3 +1,6 @@ +# Set device tree fdtfile +setenv dtbfile bcm2709-rpi-2-b.dtb + # Tell Linux that it is booting on a Raspberry Pi2 setenv machid 0x00000c42 @@ -6,6 +9,7 @@ saveenv # Load the existing Linux kernel into RAM fatload mmc 0:1 ${kernel_addr_r} kernel7.img +fatload mmc 0:1 ${fdt_addr_r} ${dtbfile} +fatload mmc 0:1 ${ramdisk_addr_r} ${initramfs} # Boot the kernel we have just loaded -bootz ${kernel_addr_r} diff --git a/files/firstboot/21-generate-ssh-keys.sh b/files/firstboot/21-generate-ssh-keys.sh index 928ee2e..b3345b4 100644 --- a/files/firstboot/21-generate-ssh-keys.sh +++ b/files/firstboot/21-generate-ssh-keys.sh @@ -1,8 +1,11 @@ logger -t "rc.firstboot" "Generating SSH host keys" if [ -d "/etc/ssh/" ] ; then + # Remove ssh host keys rm -f /etc/ssh/ssh_host_* systemctl stop sshd + + # Regenerate ssh host keys ssh-keygen -q -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key ssh-keygen -q -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key ssh-keygen -q -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key @@ -11,8 +14,11 @@ if [ -d "/etc/ssh/" ] ; then fi if [ -d "/etc/dropbear/" ] ; then + # Remove ssh host keys rm -f /etc/dropbear/dropbear_* systemctl stop dropbear + + # Regenerate ssh host keys dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key diff --git a/files/firstboot/22-expandroot.sh b/files/firstboot/22-expandroot.sh index 03ec50d..235c411 100644 --- a/files/firstboot/22-expandroot.sh +++ b/files/firstboot/22-expandroot.sh 
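Review bot: Both regeneration blocks in files/firstboot/21-generate-ssh-keys.sh still create DSA host keys (`ssh-keygen -q -t dsa ...` and `dropbearkey -t dss ...`), and the commit only adds comments around them. DSA host keys are fixed at 1024 bits and OpenSSH has disabled `ssh-dss` by default since 7.0, so every image carries a weak host key that current clients will not use. I would drop those two lines and keep the RSA and ECDSA keys. Both `if` blocks continue outside the hunks, so any further key types generated there are not visible here.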
@@ -1,10 +1,20 @@ -logger -t "rc.firstboot" "Expanding root" +logger -t "rc.firstboot" "Expanding root partition" + +# Detect root partition device ROOT_PART=$(mount | sed -n 's|^/dev/\(.*\) on / .*|\1|p') -PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$') +if [ -z "$ROOT_PART" ] ; then + log_warning_msg "unable to detect root partition device" + return 1 +fi + +# Extract root device name case "${ROOT_PART}" in mmcblk0*) ROOT_DEV=mmcblk0 ;; sda*) ROOT_DEV=sda ;; esac + +# Check detected root partition name +PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$') if [ "$PART_NUM" = "$ROOT_PART" ] ; then logger -t "rc.firstboot" "$ROOT_PART is not an SD card. Don't know how to expand" return 0 @@ -16,6 +26,8 @@ if [ "$PART_NUM" -gt 2 ] ; then logger -t "rc.firstboot" "Your partition layout is not currently supported by this tool." return 0 fi + +# Check if last partition number LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:) if [ $LAST_PART_NUM -ne $PART_NUM ]; then logger -t "rc.firstboot" "$ROOT_PART is not the last partition. Don't know how to expand" @@ -53,4 +65,4 @@ EOF2 # Reload the partition table, resize root filesystem then remove resizing code from this file partprobe && resize2fs /dev/${ROOT_PART} && - logger -t "rc.firstboot" "Root partition successfuly resized." + logger -t "rc.firstboot" "Root partition successfully resized." diff --git a/files/firstboot/23-regenerate-initramfs.sh b/files/firstboot/23-regenerate-initramfs.sh new file mode 100644 index 0000000..78e2922 --- /dev/null +++ b/files/firstboot/23-regenerate-initramfs.sh 
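Review bot: The new empty-ROOT_PART guard in 22-expandroot.sh calls `log_warning_msg` and `return 1`, while every other message in this script goes through `logger -t "rc.firstboot"` and every other bail-out uses `return 0`. Nothing visible in the hunk sources the LSB init functions, so if `log_warning_msg` is undefined in the firstboot context the guard fails with a command-not-found error instead of logging, and a non-zero return may stop the remaining firstboot steps if the caller runs under `sh -e` (not visible here). I would write it as `logger -t "rc.firstboot" "unable to detect root partition device"` followed by `return 0`. The `case` on ROOT_PART also has no `*)` arm, so ROOT_DEV stays empty for any other device name and the later `parted /dev/${ROOT_DEV}` is then run against `/dev/`.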
@@ -0,0 +1,31 @@
+logger -t "rc.firstboot" "Regenerating initramfs to remove encrypted root partition auto-expand"
+
+KERNEL_VERSION=$(uname -r)
+KERNEL_ARCH=$(uname -m)
+INITRAMFS="/boot/firmware/initramfs-${KERNEL_VERSION}"
+INITRAMFS_UBOOT="${INITRAMFS}.uboot"
+
+# Extract kernel arch
+case "${KERNEL_ARCH}" in
+ arm*) KERNEL_ARCH=arm ;;
+esac
+
+# Regenerate initramfs
+if [ -r "${INITRAMFS}" ] ; then
+ rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
+ rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
+ rm -f /etc/initramfs-tools/hooks/expand-tools
+ rm -f "${INITRAMFS}"
+ mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
+fi
+
+# Convert generated initramfs for U-Boot using mkimage
+if [ -r "${INITRAMFS_UBOOT}" ] ; then
+ rm -f /etc/initramfs-tools/scripts/init-premount/expand_encrypted_rootfs
+ rm -f /etc/initramfs-tools/scripts/local-premount/expand-premount
+ rm -f /etc/initramfs-tools/hooks/expand-tools
+ rm -f "${INITRAMFS_UBOOT}"
+ mkinitramfs -o "${INITRAMFS}" "${KERNEL_VERSION}"
+ mkimage -A "${KERNEL_ARCH}" -T ramdisk -C none -n "initramfs-${KERNEL_VERSION}" -d "${INITRAMFS}" "${INITRAMFS_UBOOT}"
+ rm -f "${INITRAMFS}"
+fi
diff --git a/files/firstboot/23-generate-machineid.sh b/files/firstboot/24-generate-machineid.sh
index dca48b3..dca48b3 100644
--- a/files/firstboot/23-generate-machineid.sh
+++ b/files/firstboot/24-generate-machineid.sh
diff --git a/files/firstboot/24-create-resolv-symlink.sh b/files/firstboot/25-create-resolv-symlink.sh
index 8a3f00b..8a3f00b 100644
--- a/files/firstboot/24-create-resolv-symlink.sh
+++ b/files/firstboot/25-create-resolv-symlink.sh
diff --git a/files/initramfs/expand-premount b/files/initramfs/expand-premount
new file mode 100755
index 0000000..c0c5582
--- /dev/null
+++ b/files/initramfs/expand-premount
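Review bot: Both blocks in 23-regenerate-initramfs.sh delete the existing image (`rm -f "${INITRAMFS}"`, `rm -f "${INITRAMFS_UBOOT}"`) before `mkinitramfs` and `mkimage` run, and neither result is checked, so a failure on first boot leaves /boot/firmware without an initramfs. With an encrypted root that presumably means the next boot cannot unlock the disk. Building to a temporary name and renaming it over the old image only on success keeps the previous initramfs as a fallback, provided /boot/firmware has room for two images; the U-Boot block needs the same treatment, with `mkimage` writing to a temporary file as well. The three hook-removal `rm -f` lines are duplicated in both blocks and could be hoisted above them.

```shell
# Regenerate initramfs
if [ -r "${INITRAMFS}" ] ; then
  # … unchanged: removal of the three expand scripts …
  if mkinitramfs -o "${INITRAMFS}.new" "${KERNEL_VERSION}" ; then
    mv -f "${INITRAMFS}.new" "${INITRAMFS}"
  else
    logger -t "rc.firstboot" "mkinitramfs failed, keeping existing initramfs"
    rm -f "${INITRAMFS}.new"
  fi
fi
```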
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+# Check for cryptdevice variable
+if [ -z "$cryptdevice" ] ; then
+ echo "unable to get cryptdevice variable (local-premount)"
+ exit 1
+fi
+
+if [ -n "$ROOT" ] ; then
+ # Resize encrypted root partition
+ cryptsetup resize "${ROOT}"
+ e2fsck -fp "${ROOT}"
+ resize2fs -f "${ROOT}"
+ e2fsck -fp "${ROOT}"
+fi
+
+exit 0
diff --git a/files/initramfs/expand-tools b/files/initramfs/expand-tools
new file mode 100755
index 0000000..ad5dea3
--- /dev/null
+++ b/files/initramfs/expand-tools
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+# Use initramfs utility functions
+. /usr/share/initramfs-tools/hook-functions
+
+# Add binaries required for resizing the filesystem
+copy_exec /bin/grep /bin
+copy_exec /usr/bin/awk /bin
+copy_exec /usr/bin/cut /bin
+copy_exec /usr/bin/tail /bin
+copy_exec /sbin/fdisk /sbin
+copy_exec /sbin/parted /sbin
+copy_exec /sbin/e2fsck /sbin
+copy_exec /sbin/resize2fs /sbin
+copy_exec /sbin/partprobe /sbin
+
+exit 0
diff --git a/files/initramfs/expand_encrypted_rootfs b/files/initramfs/expand_encrypted_rootfs
new file mode 100644
index 0000000..e6896ba
--- /dev/null
+++ b/files/initramfs/expand_encrypted_rootfs
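Review bot: Under `set -e`, the first `e2fsck -fp "${ROOT}"` in expand-premount aborts the script whenever it actually repairs something, because e2fsck exits with status 1 after correcting errors; `resize2fs` is then never reached and the premount script exits non-zero. Only statuses of 4 and above should count as failure, for example `e2fsck -fp "${ROOT}" || [ "$?" -lt 4 ]` on both calls. The guard at the top tests `$cryptdevice` while every command operates on `$ROOT`, so a short comment such as `# cryptdevice set => root is LUKS; ROOT is the mapped device` would make the intent clear.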
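Review bot: None of the three new initramfs-tools files (this hook, expand-premount and expand_encrypted_rootfs) handles the `prereqs` argument. initramfs-tools calls hooks and boot scripts with `prereqs` to work out their ordering, and a script without the usual header runs its whole body on that call. For expand_encrypted_rootfs that would include the `sleep 5` and, if `cryptdevice` happens to be set in that environment, the fdisk sequence. I would add the standard header right after the shebang in each file.

```shell
#!/bin/sh

PREREQ=""
prereqs()
{
  echo "$PREREQ"
}

case "$1" in
  prereqs)
    prereqs
    exit 0
    ;;
esac

# … unchanged: set -e, hook-functions include, copy_exec calls …
```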
@@ -0,0 +1,85 @@
+#!/bin/sh
+# expand_encrypted_rootfs initramfs-tools boot script
+
+# dependencies: grep awk cut tail fdisk parted e2fsck resize2fs
+
+set -e
+
+# Wait for USB devices to be ready
+sleep 5
+
+# Use initramfs utility functions
+if [ -r "/scripts/functions" ] ; then
+ . /scripts/functions
+fi
+
+# Check for cryptdevice variable
+if [ -z "$cryptdevice" ] ; then
+ echo "unable to get cryptdevice variable (init-premount)"
+ return 1
+fi
+
+# Detect root partition device
+ROOT_PART=$(echo $cryptdevice | awk -F"/|:" '{ print $3 }')
+if [ -z "$ROOT_PART" ] ; then
+ log_warning_msg "unable to detect encrypted root partition device (cryptdevice)"
+ return 1
+fi
+
+# Extract root device name
+case "${ROOT_PART}" in
+ mmcblk0*) ROOT_DEV=mmcblk0 ;;
+ sda*) ROOT_DEV=sda ;;
+esac
+
+# Check detected root partition name
+PART_NUM=$(echo ${ROOT_PART} | grep -o '[1-9][0-9]*$')
+if [ "$PART_NUM" = "$ROOT_PART" ] ; then
+ log_warning_msg "$ROOT_PART is not an SD card. Don't know how to expand"
+ return 1
+fi
+
+# NOTE: the NOOBS partition layout confuses parted. For now, let's only
+# agree to work with a sufficiently simple partition layout
+if [ "$PART_NUM" -gt 2 ] ; then
+ log_warning_msg "Your partition layout is not currently supported by this tool."
+ return 1
+fi
+
+# Check if last partition number
+LAST_PART_NUM=$(parted /dev/${ROOT_DEV} -ms unit s p | tail -n 1 | cut -f 1 -d:)
+if [ $LAST_PART_NUM -ne $PART_NUM ]; then
+ log_warning_msg "$ROOT_PART is not the last partition. Don't know how to expand"
+ return 1
+fi
+
+# Get the starting offset of the root partition
+PART_START=$(parted /dev/${ROOT_DEV} -ms unit s p | grep "^${PART_NUM}" | cut -f 2 -d: | sed 's/[^0-9]//g')
+if [ -z "$PART_START" ] ; then
+ log_warning_msg "${ROOT_DEV} unable to get starting sector of the partition"
+ return 1
+fi
+
+# Get the possible last sector for the root partition
+PART_LAST=$(fdisk -l /dev/${ROOT_DEV} | grep '^Disk.*sectors' | awk '{ print $7 - 1 }')
+if [ -z "$PART_LAST" ] ; then
+ log_warning_msg "${ROOT_DEV} unable to get last sector of the partition"
+ return 1
+fi
+
+### Since rc.local is run with "sh -e", let's add "|| true" to prevent premature exit
+fdisk /dev/${ROOT_DEV} 2> /dev/null <<EOF2 || true
+p
+d
+$PART_NUM
+n
+p
+$PART_NUM
+$PART_START
+$PART_LAST
+p
+w
+EOF2
+
+partprobe
+log_success_msg "Root partition successfully resized."
|
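Review bot: The fdisk here-document at the end of expand_encrypted_rootfs deletes and recreates the root partition with stderr sent to /dev/null and `|| true` appended, and `log_success_msg` follows unconditionally, so a failed or partial partition-table rewrite on the encrypted root device is logged as a success. The comment above it still refers to rc.local, which does not apply to an initramfs script. I would capture the status (`... <<EOF2 || FDISK_RC=$?`) and log a warning instead of the success message when it is non-zero or when parted does not report the expected end sector afterwards. The `case` on ROOT_PART has no `*)` arm, so ROOT_DEV is empty for any device other than mmcblk0 or sda; adding `*) log_warning_msg "unsupported root device ${ROOT_PART}" ; return 1 ;;` stops the script before parted and fdisk are pointed at `/dev/`. The file is also added with mode 100644 while the other two initramfs files are 100755, so confirm that something marks it executable when it is installed.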