qiurui
/
armbian-build
mirror of https://github.com/armbian/build.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
armbian-build/lib/functions/rootfs/distro-specific.sh

350 lines
15 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
#
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (c) 2013-2023 Igor Pecovnik, igor@armbian.com
#
# This file is a part of the Armbian Build Framework
# https://github.com/armbian/build/
function install_distribution_specific() {
display_alert "Applying distribution specific tweaks for" "${RELEASE:-}" "info"
# disable broken service, the problem is in default misconfiguration
disable_systemd_service_sdcard smartmontools.service smartd.service
if [[ "${DISTRIBUTION}" == "Ubuntu" ]]; then
# by using default lz4 initrd compression leads to corruption, go back to proven method
# @TODO: rpardini: this should be a config option (which is always set to zstd ;-D )
sed -i "s/^COMPRESS=.*/COMPRESS=gzip/" "${SDCARD}"/etc/initramfs-tools/initramfs.conf
run_host_command_logged rm -f "${SDCARD}"/etc/update-motd.d/{10-uname,10-help-text,50-motd-news,80-esm,80-livepatch,90-updates-available,91-release-upgrade,95-hwe-eol}
# Journal service adjustements
sed -i "s/#Storage=.*/Storage=volatile/g" "${SDCARD}"/etc/systemd/journald.conf
sed -i "s/#Compress=.*/Compress=yes/g" "${SDCARD}"/etc/systemd/journald.conf
sed -i "s/#RateLimitIntervalSec=.*/RateLimitIntervalSec=30s/g" "${SDCARD}"/etc/systemd/journald.conf
sed -i "s/#RateLimitBurst=.*/RateLimitBurst=10000/g" "${SDCARD}"/etc/systemd/journald.conf
# disable conflicting services
disable_systemd_service_sdcard ondemand.service
# Remove Ubuntu APT spamming
install_artifact_deb_chroot "fake-ubuntu-advantage-tools"
truncate --size=0 "${SDCARD}"/etc/apt/apt.conf.d/20apt-esm-hook.conf
fi
# install our base-files package (this replaces the original from Debian/Ubuntu)
if [[ "${KEEP_ORIGINAL_OS_RELEASE:-"no"}" != "yes" ]]; then
install_artifact_deb_chroot "armbian-base-files" "--allow-downgrades"
fi
# Set DNS server if systemd-resolved is in use
if [[ -n "$NAMESERVER" && -f "${SDCARD}"/etc/systemd/resolved.conf ]]; then
display_alert "Using systemd-resolved" "for DNS management" "info"
# This used to set a default DNS entry from $NAMESERVER into "${SDCARD}"/etc/systemd/resolved.conf.d/00-armbian-default-dns.conf -- no longer; better left to DHCP.
fi
# cleanup motd services and related files
disable_systemd_service_sdcard motd-news.service motd-news.timer
# remove motd news from motd.ubuntu.com
[[ -f "${SDCARD}"/etc/default/motd-news ]] && sed -i "s/^ENABLED=.*/ENABLED=0/" "${SDCARD}"/etc/default/motd-news
# remove doubled uname from motd
[[ -f "${SDCARD}"/etc/update-motd.d/10-uname ]] && rm "${SDCARD}"/etc/update-motd.d/10-uname
# rc.local is not existing but one might need it
install_rclocal
# use list modules INITRAMFS
if [ -f "${SRC}"/config/modules/"${MODULES_INITRD}" ]; then
display_alert "Use file list modules MODULES_INITRD" "${MODULES_INITRD}"
sed -i "s/^MODULES=.*/MODULES=list/" "${SDCARD}"/etc/initramfs-tools/initramfs.conf
cat "${SRC}"/config/modules/"${MODULES_INITRD}" >> "${SDCARD}"/etc/initramfs-tools/modules
fi
}
#fetch_distro_keyring <release>
#
# <release>: debian or ubuntu release name
#
function fetch_distro_keyring() {
declare release="${1}"
declare distro=""
case $release in
buster | bullseye | bookworm | trixie | forky | sid)
distro="debian"
;;
focal | jammy | noble | oracular | plucky | raccoon)
distro="ubuntu"
;;
*)
exit_with_error "fetch_distro_keyring failed" "unrecognized release: $release"
esac
declare -a PROXY
case "${MANAGE_ACNG}" in
yes)
PROXY+=('-x' 'http://localhost:3142/')
;;
no) ;& #fallthrough
"")
PROXY+=('') # don't use a proxy
;; # stop falling
*)
PROXY+=('-x' "${MANAGE_ACNG}")
;;
esac
CACHEDIR="/armbian/cache/keyrings/$distro"
mkdir -p "${CACHEDIR}"
case $distro in
debian)
if [ -e "${CACHEDIR}/debian-archive-keyring.gpg" ]; then
display_alert "fetch_distro_keyring($release)" "cache found, skipping" "info"
else
# FIXME: should this be a loop? might allow more parameterization and shorter lines to read.
PKG_URL=$(curl --compressed -Ls 'https://packages.debian.org/sid/all/debian-archive-keyring/download' | \
grep -oP 'http://(deb|ftp)\.debian\.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_[0-9.]*_[a-zA-Z0-9]*\.deb')
[[ -z "${PKG_URL}" ]] && exit_with_error "fetch_distro_keyring failed" "unable to find newest debian-archive-keyring package"
run_host_command_logged curl "${PROXY[@]}" -fLOJ --output-dir "${CACHEDIR}" "${PKG_URL}" || \
exit_with_error "fetch_distro_keyring failed" "unable to download ${PKG_URL}"
KEYRING_DEB=$(basename "${PKG_URL}")
# We ignore the failures of unpacking b/c we cannot tell the difference between unpack failures and chmod/chgrp failures
dpkg-deb -x "${CACHEDIR}/${KEYRING_DEB}" "${CACHEDIR}" || /bin/true # ignore failures, we'll check a few lines down
if [[ -e "${CACHEDIR}/usr/share/keyrings/debian-archive-keyring.pgp" ]]; then
# yes, for 2025.1, the canonical name is .pgp, but our tools expect .gpg.
# the package contains the .pgp and a .gpg symlink to it.
cp -l "${CACHEDIR}/usr/share/keyrings/debian-archive-keyring.pgp" "${CACHEDIR}/debian-archive-keyring.gpg"
elif [[ -e "${CACHEDIR}/usr/share/keyrings/debian-archive-keyring.gpg" ]]; then
cp -l "${CACHEDIR}/usr/share/keyrings/debian-archive-keyring.gpg" "${CACHEDIR}/debian-archive-keyring.gpg"
else
exit_with_error "fetch_distro_keyring" "unable to find debian-archive-keyring.gpg"
fi
PKG_URL=$(curl --compressed -Ls 'https://packages.debian.org/sid/all/debian-ports-archive-keyring/download' | \
grep -oP 'http://(deb|ftp)\.debian\.org/debian/pool/main/d/debian-ports-archive-keyring/debian-ports-archive-keyring_[0-9.]*_[a-zA-Z0-9]*\.deb')
[[ -z "${PKG_URL}" ]] && exit_with_error "fetch_distro_keyring failed" "unable to find newest debian-ports-archive-keyring package"
run_host_command_logged curl "${PROXY[@]}" -fLOJ --output-dir "${CACHEDIR}" "${PKG_URL}" || \
exit_with_error "fetch_distro_keyring failed" "unable to download ${PKG_URL}"
KEYRING_DEB=$(basename "${PKG_URL}")
dpkg-deb -x "${CACHEDIR}/${KEYRING_DEB}" "${CACHEDIR}" || /bin/true # see above about ignoring errors
if [[ -e "${CACHEDIR}/usr/share/keyrings/debian-ports-archive-keyring.pgp" ]]; then
# see above comment re .pgp vs .gpg
cp -l "${CACHEDIR}/usr/share/keyrings/debian-ports-archive-keyring.pgp" "${CACHEDIR}/debian-ports-archive-keyring.gpg"
elif [[ -e "${CACHEDIR}/usr/share/keyrings/debian-ports-archive-keyring.gpg" ]]; then
cp -l "${CACHEDIR}/usr/share/keyrings/debian-ports-archive-keyring.gpg" "${CACHEDIR}/debian-ports-archive-keyring.gpg"
else
exit_with_error "fetch_distro_keyring" "unable to find debian-ports-archive-keyring.gpg"
fi
display_alert "fetch_distro_keyring($release)" "extracted" "info"
fi
;;
ubuntu)
if [ -e "${CACHEDIR}/ubuntu-archive-keyring.gpg" ]; then
display_alert "fetch_distro_keyring($release)" "cache found, skipping" "info"
else
NEWEST_SUITE=$(curl --compressed -Ls https://changelogs.ubuntu.com/meta-release | grep 'Dist:'|tail -n 1 | awk '{print $NF}')
PKG_URL=$(curl --compressed -Ls "https://packages.ubuntu.com/${NEWEST_SUITE}/all/ubuntu-keyring/download" | \
grep -oP 'http://\S+\.deb' |grep archive.ubuntu.com|tail -n 1)
[[ -z "${PKG_URL}" ]] && exit_with_error "fetch_distro_keyring failed" "unable to find newest ubuntu-keyring package"
# ubuntu gives a long list of regional mirrors, we want as generic as possible
PKG_URL=$(echo "${PKG_URL}" | sed -E 's/[a-z0-9]+\.archive/archive/')
run_host_command_logged curl "${PROXY[@]}" -fLOJ --output-dir "${CACHEDIR}" "${PKG_URL}" || \
exit_with_error "fetch_distro_keyring failed" "unable to download ${PKG_URL}"
KEYRING_DEB=$(basename "${PKG_URL}")
dpkg-deb -x "${CACHEDIR}/${KEYRING_DEB}" "${CACHEDIR}" || /bin/true # see above in debian block about ignoring errors
if [[ ! -e "${CACHEDIR}/usr/share/keyrings/ubuntu-archive-keyring.gpg" ]]; then
exit_with_error "fetch_distro_keyring" "unable to find ubuntu-archive-keyring.gpg"
fi
cp -l "${CACHEDIR}/usr/share/keyrings/ubuntu-archive-keyring.gpg" "${CACHEDIR}/"
display_alert "fetch_distro_keyring($release)" "extracted" "info"
fi
debootstrap_arguments+=("--keyring=/usr/share/keyrings/ubuntu-archive-keyring.gpg")
;;
esac
# cp -l may break here if it's cross-filesystem
# copy everything to the "host" inside the container
cp -r "${CACHEDIR}"/{etc,usr} / || exit_with_error "fetch_distro_keyring" "failed to copy keyrings to host"
debootstrap_arguments+=("--setup-hook='copy-in ${CACHEDIR}/usr ${CACHEDIR}/etc /'")
}
# create_sources_list_and_deploy_repo_key <when> <release> <basedir>
#
# <when>: rootfs|image
# <release>: bullseye|bookworm|trixie|forky|sid|focal|jammy|noble|oracular|plucky
# <basedir>: path to root directory
#
function create_sources_list_and_deploy_repo_key() {
declare when="${1}"
declare release="${2}"
declare basedir="${3}" # @TODO: rpardini: this is SDCARD in all practical senses. Why not just use SDCARD?
[[ -z $basedir ]] && exit_with_error "No basedir passed to create_sources_list_and_deploy_repo_key"
declare distro=""
# Drop deboostrap sources leftovers
rm -f "${basedir}/etc/apt/sources.list"
# Add upstream (Debian/Ubuntu) APT repository
case $release in
buster | bullseye | bookworm | trixie | forky)
distro="debian"
declare -a suites=("${release}" "${release}-updates")
declare -a components=(main contrib non-free)
if [[ "$release" != "buster" && "$release" != "bullseye" ]]; then
# EOS releases doesn't get security updates
declare -a security_suites=("${release}-security")
suites+=("${release}-backports")
components+=("non-free-firmware")
fi
cat <<- EOF > "${basedir}/etc/apt/sources.list.d/${distro}.sources"
Types: deb
URIs: http://${DEBIAN_MIRROR}
Suites: ${suites[@]}
Components: ${components[@]}
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF
if [ ${#security_suites[@]} -gt 0 ]; then
echo "" >> "${basedir}/etc/apt/sources.list.d/${distro}.sources" # it breaks if there is no line space in between
cat <<- EOF >> "${basedir}/etc/apt/sources.list.d/${distro}.sources"
Types: deb
URIs: http://${DEBIAN_SECURITY}
Suites: ${security_suites[@]}
Components: ${components[@]}
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF
fi
;;
sid | unstable)
distro="debian"
if [[ "${ARCH}" == loong64 ]]; then
# loong64 is using debian-ports repo, we can change it to default after debian supports it officially
keyring_filename=/usr/share/keyrings/debian-ports-archive-keyring.gpg
else
keyring_filename=/usr/share/keyrings/debian-archive-keyring.gpg
fi
# sid is permanent unstable development and has no such thing as updates or security
cat <<- EOF > "${basedir}/etc/apt/sources.list.d/${distro}.sources"
Types: deb
URIs: http://${DEBIAN_MIRROR}
Suites: ${release}
Components: main contrib non-free non-free-firmware
Signed-By: ${keyring_filename}
EOF
# Required for some packages on riscv64.
# See: http://lists.debian.org/debian-riscv/2023/07/msg00053.html
if [[ "${ARCH}" == riscv64 ]]; then
cat <<- EOF >> "${basedir}/etc/apt/sources.list.d/${distro}.sources"
Types: deb
URIs: http://deb.debian.org/debian-ports/
Suites: ${release}
Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Architectures: riscv64
EOF
fi
;;
focal | jammy | noble | oracular | plucky)
distro="ubuntu"
cat <<- EOF > "${basedir}/etc/apt/sources.list.d/${distro}.sources"
Types: deb
URIs: http://${UBUNTU_MIRROR}
Suites: ${release} ${release}-security ${release}-updates ${release}-backports
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
EOF
;;
esac
# add armbian key
display_alert "Adding Armbian repository and authentication key" "${when} :: /etc/apt/sources.list.d/armbian.sources" "info"
mkdir -p "${basedir}"/usr/share/keyrings
# change to binary form
APT_SIGNING_KEY_FILE="/usr/share/keyrings/armbian-archive-keyring.gpg"
gpg --batch --yes --dearmor < "${SRC}"/config/armbian.key > "${basedir}${APT_SIGNING_KEY_FILE}"
# deploy the qemu binary, no matter where the rootfs came from (built or cached)
deploy_qemu_binary_to_chroot "${basedir}" "${when}" # undeployed at end of this function
# lets link to the old file as armbian-config uses it and we can't set there to new file
# we user force linking as some old caches still exists
chroot "${basedir}" /bin/bash -c "ln -fs armbian-archive-keyring.gpg /usr/share/keyrings/armbian.gpg"
# lets keep old way for old distributions
if [[ "${RELEASE}" =~ (focal|bullseye) ]]; then
cp "${SRC}"/config/armbian.key "${basedir}"
chroot "${basedir}" /bin/bash -c "cat armbian.key | apt-key add - > /dev/null 2>&1"
fi
# undeploy the qemu binary from the image; we don't want to ship the host's qemu in the target image
undeploy_qemu_binary_from_chroot "${basedir}" "${when}"
# Add Armbian APT repository
declare -a components=()
if [[ "${when}" == "image"* ]]; then # only include the 'main' component when deploying to image (early or late)
components+=("main")
fi
components+=("${RELEASE}-utils") # utils contains packages Igor picks from other repos
components+=("${RELEASE}-desktop") # desktop contains packages Igor picks from other repos
# stage: add armbian repository and install key
# armbian_mirror="http://$([[ $BETA == yes ]] && echo "beta" || echo "apt").armbian.com"
declare armbian_mirror="apt.armbian.com"
if [[ -n $LOCAL_MIRROR ]]; then
armbian_mirror="$LOCAL_MIRROR"
elif [[ $DOWNLOAD_MIRROR == "china" ]]; then
armbian_mirror="mirrors.tuna.tsinghua.edu.cn/armbian"
elif [[ $DOWNLOAD_MIRROR == "bfsu" ]]; then
armbian_mirror="mirrors.bfsu.edu.cn/armbian"
elif [[ $BETA == "yes" ]]; then
armbian_mirror="beta.armbian.com"
fi
cat <<- EOF > "${basedir}"/etc/apt/sources.list.d/armbian.sources
Types: deb
URIs: http://${armbian_mirror}
Suites: $RELEASE
Components: ${components[*]}
Signed-By: ${APT_SIGNING_KEY_FILE}
EOF
# disable repo if DISTRIBUTION_STATUS==eos, or if SKIP_ARMBIAN_REPO==yes, or if when==image-early.
if [[ "${when}" == "image-early" ||
"$(cat "${SRC}/config/distributions/${RELEASE}/support")" == "eos" ||
"${SKIP_ARMBIAN_REPO}" == "yes" ]]; then
display_alert "Disabling Armbian repo" "${ARCH}-${RELEASE} :: skip:${SKIP_ARMBIAN_REPO:-"no"} when:${when}" "info"
mv "${SDCARD}"/etc/apt/sources.list.d/armbian.sources "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled
fi
declare CUSTOM_REPO_WHEN="${when}"
# Let user customize
call_extension_method "custom_apt_repo" <<- 'CUSTOM_APT_REPO'
*customize apt sources.list.d and/or deploy repo keys*
Called after core Armbian has finished setting up SDCARD's debian.sources/ubuntu.sources and armbian.sources in /etc/apt/sources.list.d/.
If SKIP_ARMBIAN_REPO=yes, armbian.sources.disabled is present instead.
The global Armbian GPG key has been deployed to SDCARD's ${APT_SIGNING_KEY_FILE}, de-armored.
You can implement this hook to add, remove, or modify sources.list.d entries, and/or deploy additional GPG keys.
Important: honor $CUSTOM_REPO_WHEN; if it's ==rootfs, don't add repos/components that carry the .debs produced by armbian/build.
Ideally, also don't add any possibly-conflicting repo if `$CUSTOM_REPO_WHEN==image-early`.
`$CUSTOM_APT_REPO==image-late` is passed during the very final stages of image building, after all packages were installed/upgraded.
CUSTOM_APT_REPO
unset CUSTOM_REPO_WHEN
return 0
}
Reference in New Issue View Git Blame Copy Permalink