mirror of
https://github.com/kevinveenbirkenbach/linux-image-manager.git
synced 2024-11-21 14:41:04 +01:00
Compare commits
5 Commits
9519b314e9
...
bac3edc404
Author | SHA1 | Date | |
---|---|---|---|
bac3edc404 | |||
b2881c1319 | |||
3daed9447b | |||
bd05fd4c2d | |||
bbb54a4237 |
@ -33,16 +33,6 @@ create_luks_key_and_update_cryptab(){
|
|||||||
fi
|
fi
|
||||||
sudo dd if=/dev/urandom of="$secret_key_path" bs=512 count=8 &&
|
sudo dd if=/dev/urandom of="$secret_key_path" bs=512 count=8 &&
|
||||||
|
|
||||||
# Check if luks_memory_cost is defined and set the luksAddKey command accordingly
|
|
||||||
# @see https://chatgpt.com/share/008ea5f1-670c-467c-8320-1ca67f25ac9a
|
|
||||||
if [ -n "$luks_memory_cost" ]; then
|
|
||||||
info "Adding key with --pbkdf-memory set to $luks_memory_cost" &&
|
|
||||||
sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" --pbkdf-memory "$luks_memory_cost" &&
|
|
||||||
else
|
|
||||||
info "Adding key without --pbkdf-memory parameter" &&
|
|
||||||
sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" &&
|
|
||||||
fi
|
|
||||||
|
|
||||||
info "Opening and closing device to verify that everything works fine..." &&
|
info "Opening and closing device to verify that everything works fine..." &&
|
||||||
sudo cryptsetup -v luksClose "$1" || info "No need to luksClose $1." &&
|
sudo cryptsetup -v luksClose "$1" || info "No need to luksClose $1." &&
|
||||||
sudo cryptsetup -v luksOpen "$2" "$1" --key-file="$secret_key_path" &&
|
sudo cryptsetup -v luksOpen "$2" "$1" --key-file="$secret_key_path" &&
|
||||||
|
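Review bot: With the `luksAddKey` branch removed, nothing visible in this hunk enrolls the freshly generated key file before `sudo cryptsetup -v luksOpen "$2" "$1" --key-file="$secret_key_path"` runs, so the verification step will fail unless the key is added to the LUKS header outside the hunk. create_luks_key_and_update_cryptab starts above the hunk and continues past it, so this needs confirming against the full function. If the removal is intentional, the `dd` line that writes the key file should be removed as well, since it leaves unused key material on disk. Separately, `sudo dd if=/dev/urandom of="$secret_key_path"` creates the file with whatever mode the umask gives; unless that is handled outside the hunk, follow it with `sudo chmod 0400 "$secret_key_path"` so other local users cannot read the key.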
@ -88,16 +88,19 @@ case "$operation_system" in
|
|||||||
base_download_url="https://www.fosshub.com/Android-x86.html?dwl=android-x86_64-9.0-r2.iso";
|
base_download_url="https://www.fosshub.com/Android-x86.html?dwl=android-x86_64-9.0-r2.iso";
|
||||||
image_name="android-x86_64-9.0-r2.iso"
|
image_name="android-x86_64-9.0-r2.iso"
|
||||||
image_checksum="f7eb8fc56f29ad5432335dc054183acf086c539f3990f0b6e9ff58bd6df4604e"
|
image_checksum="f7eb8fc56f29ad5432335dc054183acf086c539f3990f0b6e9ff58bd6df4604e"
|
||||||
|
boot_size="+500M"
|
||||||
;;
|
;;
|
||||||
"torbox")
|
"torbox")
|
||||||
base_download_url="https://www.torbox.ch/data/";
|
base_download_url="https://www.torbox.ch/data/";
|
||||||
image_name="torbox-20220102-v050.gz"
|
image_name="torbox-20220102-v050.gz"
|
||||||
image_checksum="0E1BA7FFD14AAAE5F0462C8293D95B62C3BF1D9E726E26977BD04772C55680D3"
|
image_checksum="0E1BA7FFD14AAAE5F0462C8293D95B62C3BF1D9E726E26977BD04772C55680D3"
|
||||||
|
boot_size="+200M"
|
||||||
;;
|
;;
|
||||||
"arch")
|
"arch")
|
||||||
question "Which Raspberry Pi will be used (e.g.: 1, 2, 3b, 3b+, 4...):" && read -r version
|
question "Which Raspberry Pi will be used (e.g.: 1, 2, 3b, 3b+, 4...):" && read -r raspberry_pi_version
|
||||||
|
boot_size="+500M"
|
||||||
base_download_url="http://os.archlinuxarm.org/os/";
|
base_download_url="http://os.archlinuxarm.org/os/";
|
||||||
case "$version" in
|
case "$raspberry_pi_version" in
|
||||||
"1")
|
"1")
|
||||||
image_name="ArchLinuxARM-rpi-armv7-latest.tar.gz"
|
image_name="ArchLinuxARM-rpi-armv7-latest.tar.gz"
|
||||||
luks_memory_cost="64000"
|
luks_memory_cost="64000"
|
||||||
@ -115,13 +118,14 @@ case "$operation_system" in
|
|||||||
luks_memory_cost="256000"
|
luks_memory_cost="256000"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
error "Version $version isn't supported."
|
error "Version $raspberry_pi_version isn't supported."
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
;;
|
;;
|
||||||
"manjaro")
|
"manjaro")
|
||||||
question "Which version(e.g.:architect,gnome) should be used:" && read -r version
|
question "Which version(e.g.:architect,gnome) should be used:" && read -r gnome_version
|
||||||
case "$version" in
|
boot_size="+500M"
|
||||||
|
case "$gnome_version" in
|
||||||
"architect")
|
"architect")
|
||||||
image_checksum="6b1c2fce12f244c1e32212767a9d3af2cf8263b2"
|
image_checksum="6b1c2fce12f244c1e32212767a9d3af2cf8263b2"
|
||||||
base_download_url="https://osdn.net/frs/redir.php?m=dotsrc&f=%2Fstorage%2Fg%2Fm%2Fma%2Fmanjaro%2Farchitect%2F20.0%2F";
|
base_download_url="https://osdn.net/frs/redir.php?m=dotsrc&f=%2Fstorage%2Fg%2Fm%2Fma%2Fmanjaro%2Farchitect%2F20.0%2F";
|
||||||
@ -144,22 +148,30 @@ case "$operation_system" in
|
|||||||
image_name="manjaro-gnome-22.1.3-230529-linux61.iso"
|
image_name="manjaro-gnome-22.1.3-230529-linux61.iso"
|
||||||
;;
|
;;
|
||||||
"raspberrypi")
|
"raspberrypi")
|
||||||
|
# at the moment just optimized for raspberry pi 4
|
||||||
base_download_url="https://github.com/manjaro-arm/rpi4-images/releases/download/23.02/"
|
base_download_url="https://github.com/manjaro-arm/rpi4-images/releases/download/23.02/"
|
||||||
image_name="Manjaro-ARM-gnome-rpi4-23.02.img.xz"
|
image_name="Manjaro-ARM-gnome-rpi4-23.02.img.xz"
|
||||||
|
luks_memory_cost="256000"
|
||||||
|
raspberry_pi_version="4"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
error "Gnome Version $gnome_version isn't supported."
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
;;
|
;;
|
||||||
"moode")
|
"moode")
|
||||||
|
boot_size="+200M"
|
||||||
image_checksum="185cbc9a4994534bb7a4bc2744c78197"
|
image_checksum="185cbc9a4994534bb7a4bc2744c78197"
|
||||||
base_download_url="https://github.com/moode-player/moode/releases/download/r651prod/"
|
base_download_url="https://github.com/moode-player/moode/releases/download/r651prod/"
|
||||||
image_name="moode-r651-iso.zip";
|
image_name="moode-r651-iso.zip";
|
||||||
;;
|
;;
|
||||||
"retropie")
|
"retropie")
|
||||||
question "Which version(e.g.:1,2,3,4) should be used:" && read -r version
|
boot_size="+500M"
|
||||||
|
question "Which version(e.g.:1,2,3,4) should be used:" && read -r raspberry_pi_version
|
||||||
base_download_url="https://github.com/RetroPie/RetroPie-Setup/releases/download/4.8/";
|
base_download_url="https://github.com/RetroPie/RetroPie-Setup/releases/download/4.8/";
|
||||||
case "$version" in
|
case "$raspberry_pi_version" in
|
||||||
"1")
|
"1")
|
||||||
image_checksum="95a6f84453df36318830de7e8507170e"
|
image_checksum="95a6f84453df36318830de7e8507170e"
|
||||||
image_name="retropie-buster-4.8-rpi1_zero.img.gz"
|
image_name="retropie-buster-4.8-rpi1_zero.img.gz"
|
||||||
@ -302,13 +314,8 @@ if [ "$transfer_image" = "y" ]
|
|||||||
info "Starting image transfer..."
|
info "Starting image transfer..."
|
||||||
if [ "$distribution" = "arch" ]
|
if [ "$distribution" = "arch" ]
|
||||||
then
|
then
|
||||||
|
# Set default size of the boot partition
|
||||||
# Default size of the boot partition
|
boot_size=${boot_size:-"+500M"}
|
||||||
default_boot_size="+300M"
|
|
||||||
|
|
||||||
# Prompt to adjust the boot partition size
|
|
||||||
question "What size should the boot partition be? (Default: $default_boot_size):" && read -r boot_size
|
|
||||||
boot_size=${boot_size:-$default_boot_size}
|
|
||||||
|
|
||||||
# Use the provided size or the default size
|
# Use the provided size or the default size
|
||||||
info "The boot partition will be set to $boot_size."
|
info "The boot partition will be set to $boot_size."
|
||||||
@ -338,8 +345,15 @@ if [ "$transfer_image" = "y" ]
|
|||||||
|
|
||||||
if [ "$encrypt_system" == "y" ]
|
if [ "$encrypt_system" == "y" ]
|
||||||
then
|
then
|
||||||
info "Formating $root_partition_path with LUKS..." &&
|
# Check if luks_memory_cost is defined and set the luksAddKey command accordingly
|
||||||
sudo cryptsetup -v luksFormat -c aes-xts-plain64 -s 512 -h sha512 --use-random -i 1000 "$root_partition_path" &&
|
# @see https://chatgpt.com/share/008ea5f1-670c-467c-8320-1ca67f25ac9a
|
||||||
|
if [ -n "$luks_memory_cost" ]; then
|
||||||
|
info "Formating $root_partition_path with LUKS with --pbkdf-memory set to $luks_memory_cost" &&
|
||||||
|
sudo cryptsetup -v luksFormat -c aes-xts-plain64 -s 512 -h sha512 --use-random -i 1000 --pbkdf-memory "$luks_memory_cost" "$root_partition_path" || error
|
||||||
|
else
|
||||||
|
info "Formating $root_partition_path with LUKS" &&
|
||||||
|
sudo cryptsetup -v luksFormat -c aes-xts-plain64 -s 512 -h sha512 --use-random -i 1000 "$root_partition_path" || error
|
||||||
|
fi
|
||||||
decrypt_root || error
|
decrypt_root || error
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -373,6 +387,12 @@ if [ "$transfer_image" = "y" ]
|
|||||||
sudo dd if="$image_path" of="$device_path" bs="$OPTIMAL_BLOCKSIZE" conv=fsync status=progress &&
|
sudo dd if="$image_path" of="$device_path" bs="$OPTIMAL_BLOCKSIZE" conv=fsync status=progress &&
|
||||||
sync ||
|
sync ||
|
||||||
error
|
error
|
||||||
|
elif [ "${image_path: -3}" = ".xz" ]
|
||||||
|
then
|
||||||
|
info "Transferring .xz file..." &&
|
||||||
|
unxz -c "$image_path" | sudo dd of="$device_path" bs="$OPTIMAL_BLOCKSIZE" conv=fsync status=progress &&
|
||||||
|
sync ||
|
||||||
|
error
|
||||||
else
|
else
|
||||||
error "Image transfer for operation system \"$distribution\" is not supported yet!";
|
error "Image transfer for operation system \"$distribution\" is not supported yet!";
|
||||||
fi
|
fi
|
||||||
@ -380,7 +400,8 @@ if [ "$transfer_image" = "y" ]
|
|||||||
info "Skipping image transfer..."
|
info "Skipping image transfer..."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$distribution" != "manjaro" ]
|
# Execute Raspberry Pi specific procedures
|
||||||
|
if [ -n "$raspberry_pi_version" ]
|
||||||
then
|
then
|
||||||
info "Start regular mounting procedure..."
|
info "Start regular mounting procedure..."
|
||||||
if mount | grep -q "$boot_partition_path"
|
if mount | grep -q "$boot_partition_path"
|
||||||
@ -404,11 +425,35 @@ if [ "$distribution" != "manjaro" ]
|
|||||||
info "Content of $fstab_path:$(cat "$fstab_path")" || error
|
info "Content of $fstab_path:$(cat "$fstab_path")" || error
|
||||||
|
|
||||||
info "Define target paths..." &&
|
info "Define target paths..." &&
|
||||||
|
administrator_username="administrator"
|
||||||
target_home_path="$root_mount_path""home/" &&
|
target_home_path="$root_mount_path""home/" &&
|
||||||
target_username=$(ls "$target_home_path") &&
|
default_username=$(ls "$target_home_path") &&
|
||||||
|
|
||||||
|
question "Should the $default_username be renamed to $administrator_username? (y/N):" && read -r rename_decision
|
||||||
|
if [ "$rename_decision" == "y" ];
|
||||||
|
then
|
||||||
|
variable_old_username="$default_username" &&
|
||||||
|
target_username="$administrator_username" &&
|
||||||
|
info "Rename home directory from $target_home_path$variable_old_username to $target_home_path$target_username..." &&
|
||||||
|
mv -v "$target_home_path$variable_old_username" "$target_home_path$target_username" || error "Failed to rename home directory"
|
||||||
|
else
|
||||||
|
target_username="$default_username"
|
||||||
|
fi
|
||||||
|
|
||||||
target_user_home_folder_path="$target_home_path$target_username/" &&
|
target_user_home_folder_path="$target_home_path$target_username/" &&
|
||||||
target_user_ssh_folder_path="$target_user_home_folder_path"".ssh/" &&
|
target_user_ssh_folder_path="$target_user_home_folder_path"".ssh/" &&
|
||||||
target_authorized_keys="$target_user_ssh_folder_path""authorized_keys" &&
|
target_authorized_keys="$target_user_ssh_folder_path""authorized_keys" &&
|
||||||
|
|
||||||
|
# Activate later. Here was a bug
|
||||||
|
question "Should the $target_username have sudo rights? (y/N):" && read -r sudo_decision
|
||||||
|
if [ "$sudo_decision" == "y" ]; then
|
||||||
|
sudo_config_dir="$root_mount_path""etc/sudoers.d/"
|
||||||
|
sudo_config_file="$sudo_config_dir$target_username"
|
||||||
|
mkdir -vp $sudo_config_dir
|
||||||
|
echo "$target_username ALL=(ALL:ALL) ALL" > "$sudo_config_file" || error "Failed to create sudoers file for $target_username"
|
||||||
|
chmod 440 "$sudo_config_file" || error "Failed to set permissions on sudoers file for $target_username"
|
||||||
|
fi
|
||||||
|
|
||||||
question "Enter the path to the SSH key to be added to the image (default: none):" && read -r origin_user_rsa_pub || error
|
question "Enter the path to the SSH key to be added to the image (default: none):" && read -r origin_user_rsa_pub || error
|
||||||
if [ -z "$origin_user_rsa_pub" ]
|
if [ -z "$origin_user_rsa_pub" ]
|
||||||
then
|
then
|
||||||
@ -421,9 +466,9 @@ if [ "$distribution" != "manjaro" ]
|
|||||||
cat "$origin_user_rsa_pub" > "$target_authorized_keys" &&
|
cat "$origin_user_rsa_pub" > "$target_authorized_keys" &&
|
||||||
target_authorized_keys_content=$(cat "$target_authorized_keys") &&
|
target_authorized_keys_content=$(cat "$target_authorized_keys") &&
|
||||||
info "$target_authorized_keys contains the following: $target_authorized_keys_content" &&
|
info "$target_authorized_keys contains the following: $target_authorized_keys_content" &&
|
||||||
chown -vR 1000 "$target_user_ssh_folder_path" &&
|
info "Set permissions with chmod..." &&
|
||||||
chmod -v 700 "$target_user_ssh_folder_path" &&
|
chmod -v 700 "$target_user_ssh_folder_path" &&
|
||||||
chmod -v 600 "$target_authorized_keys" || error
|
chmod -v 600 "$target_authorized_keys" || error "Failed to set ownership and permissions on ssh folder"
|
||||||
else
|
else
|
||||||
error "The ssh key \"$origin_user_rsa_pub\" can't be copied to \"$target_authorized_keys\" because it doesn't exist."
|
error "The ssh key \"$origin_user_rsa_pub\" can't be copied to \"$target_authorized_keys\" because it doesn't exist."
|
||||||
fi
|
fi
|
||||||
@ -437,7 +482,23 @@ if [ "$distribution" != "manjaro" ]
|
|||||||
|
|
||||||
copy_resolve_conf
|
copy_resolve_conf
|
||||||
|
|
||||||
question "Type in new password (leave empty to skip): " && read -r password_1
|
chroot_user_home_path="/home/$target_username/"
|
||||||
|
chroot_user_ssh_folder_path="$chroot_user_home_path.ssh"
|
||||||
|
if [ "$rename_decision" == "y" ]; then
|
||||||
|
info "Delete old user and create new user" &&
|
||||||
|
(
|
||||||
|
echo "userdel -r $variable_old_username"
|
||||||
|
echo "useradd -m -d $chroot_user_home_path -s /bin/bash $target_username"
|
||||||
|
echo "chown -R $target_username:$target_username $chroot_user_home_path"
|
||||||
|
) | chroot "$root_mount_path" /bin/bash || error "Failed to delete old user and create new user"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$origin_user_rsa_pub" ]
|
||||||
|
then
|
||||||
|
info "Chroot to set ownership..." &&
|
||||||
|
( echo "chown -vR $target_username:$target_username $chroot_user_ssh_folder_path" ) | chroot "$root_mount_path" /bin/bash || error
|
||||||
|
fi
|
||||||
|
question "Type in new password for user root and $target_username (leave empty to skip): " && read -r password_1
|
||||||
|
|
||||||
if [ -n "$password_1" ]; then
|
if [ -n "$password_1" ]; then
|
||||||
question "Repeat new password for \"$target_username\": " && read -r password_2
|
question "Repeat new password for \"$target_username\": " && read -r password_2
|
||||||
@ -535,7 +596,7 @@ if [ "$distribution" != "manjaro" ]
|
|||||||
# Concerning which moduls to load
|
# Concerning which moduls to load
|
||||||
# @see https://raspberrypi.stackexchange.com/questions/67051/raspberry-pi-3-with-archarm-and-encrypted-disk-will-not-boot-how-can-be-identif
|
# @see https://raspberrypi.stackexchange.com/questions/67051/raspberry-pi-3-with-archarm-and-encrypted-disk-will-not-boot-how-can-be-identif
|
||||||
|
|
||||||
case "$version" in
|
case "$raspberry_pi_version" in
|
||||||
"1" | "2")
|
"1" | "2")
|
||||||
mkinitcpio_additional_modules=""
|
mkinitcpio_additional_modules=""
|
||||||
;;
|
;;
|
||||||
@ -546,7 +607,7 @@ if [ "$distribution" != "manjaro" ]
|
|||||||
mkinitcpio_additional_modules="lan78xx"
|
mkinitcpio_additional_modules="lan78xx"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
warning "Version $version isn't supported."
|
warning "Version $raspberry_pi_version isn't supported."
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
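Review bot: In the `@ -437,7 +482,23 @` hunk the user-management commands are built as text, for example `echo "userdel -r $variable_old_username"`, and piped into `chroot "$root_mount_path" /bin/bash`, so a root shell re-parses the interpolated names. `$variable_old_username` comes from `default_username=$(ls "$target_home_path")` in the `@ -404,11 +425,35 @` hunk, that is, from the `/home` of the downloaded image; a name with whitespace or shell metacharacters, or more than one entry, becomes extra words or commands in that shell. Pass the values as arguments instead, e.g. `chroot "$root_mount_path" userdel -r "$variable_old_username"`, and do the same for the `useradd` and both `chown` calls. It would also help to check that `ls` returned exactly one name matching something like `^[a-z_][a-z0-9_-]*$` before using it. The sudoers hunk likewise leaves `mkdir -vp $sudo_config_dir` unquoted, and the enclosing `if` block starts and ends outside these hunks.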